86 | Cryptographic authentication systems enable more secure interactions among 87 | machines, individuals, and organizations. These systems often use public-private 88 | key cryptography or encryption mechanisms to manage both cryptographic material 89 | and operations utilizing that material. This specification provides a common data 90 | model and interface for interacting with these systems enabling one to perform 91 | secure cryptographic operations on keypairs such as creating, wrapping, unwrapping, 92 | signing, encrypting, and decrypting. 93 |
94 |113 | Cryptographic authentication systems enable machines, individuals, and 114 | organizations to more securely interact with one another. These systems often 115 | use public-private key cryptography or encryption mechanisms in order to manage 116 | cryptographic material as well as operations utilizing that material. There are 117 | a variety of these sorts of cryptographic systems in use today, sometimes 118 | referred to as Key Management Systems. While many of these sorts of systems 119 | exist, there is no common interface for accessing and using these systems. 120 |
121 |122 | The creation of a common interface for accessing Key Management Systems would 123 | enable software to be written once to interact with these systems such that 124 | systems with different implementations and properties could be switched 125 | without affecting the client software that utilizes such systems. A common API 126 | would shift the burden of interacting with each implementation to the vendors 127 | of those systems, while eliminating the burden for application developers. 128 |
129 |130 | While there are a variety of proprietary enterprise grade Key Management Systems today 131 | that would benefit from a common interface, personal Key Management Systems 132 | such as those created through the Fast Identity Online (FIDO) initiative could 133 | also benefit. 134 |
135 |136 | If the interface is provided as a Web-based interface, then Web-based 137 | applications could be written against such an API. Similarly, Web-based 138 | applications could provide choice in Key Management Systems -- potentially 139 | allowing customers to bring their own Key Management Systems with them just as 140 | they bring their own devices today. 141 |
142 | 143 |147 | This section describes the roles of the core actors and the relationships 148 | between them in an ecosystem where this specification is expected 149 | to be useful. A role is an abstraction that might be implemented in many 150 | different ways. The separation of roles suggests likely interfaces and 151 | protocols for standardization. The following roles are introduced in this 152 | specification: 153 |
154 | 155 |180 | The following use cases outline a number of key scenarios that readers might 181 | find useful: 182 |
183 | 184 |234 | As a result of documenting and analyzing the use cases, the following 235 | desirable ecosystem characteristics were identified for this specification: 236 |
237 | 238 |264 | TBD 265 |
266 |281 | There is a relatively small set of common cryptographic operations that Key 282 | Management Systems provide. These operations include: generate, wrap, unwrap, 283 | sign, verify, encrypt, and decrypt. These cryptographic operations can be 284 | thought of as functions that operate on objects, in this case 285 | cryptographic keys, in a remote execution environment. 286 |
287 |288 | Ensure that the list is updated from 289 | here. 290 |
291 |292 | The Authorization Capabilities for Linked Data [ZCAP-LD] specification, also 293 | know as ZCAPs, outlines how remote execution environments can be manipulated by 294 | demonstrating cryptographic control of functions and objects. 295 | The ZCAP-LD specification enables one to grant authority to remote clients to 296 | call functions on specific objects. This technology enables a Key Management 297 | System to provide a Web-based API that enables clients to create keys and 298 | execute cryptographic operations using those keys by invoking ZCAPs. 299 |
300 |301 | The WebKMS API enables clients to create keystores, a type of object, 302 | that they control. That is, the client is the controller of the keystore. 303 | The client may also generate a key, another type of object, and 304 | associate it with a keystore. Each keystore is identified by a URI. In 305 | addition, the controller of a keystore can be changed to enable the transfer 306 | of keys without requiring the exfiltration of the key. Other entities can 307 | also be added as controllers of the keystore such that multiple parties might 308 | control the keystore without having access to the raw key material. 309 |
310 |311 | Each key in the keystore has an associated set of functions according 312 | to the type of key that it is. Examples of key types include keys used for 313 | performing asymmetric cryptographic operations such as digital signatures and 314 | keys used for performing symmetric cryptographic operations such as 315 | encryption and decryption. These functions can be remotely executed 316 | via the use of ZCAPs such that the cryptographic key material never 317 | needs to be exfiltrated in order to use the key. In many hardware-backed 318 | cryptographic key management systems, the exfiltration of keys is not 319 | supported and the system itself is hardened against tampering with the 320 | intent to exfiltrate the keys. 321 |
322 |
323 | In order to execute a function on a key, a KmsOperation
324 | of a specific type can be applied to the key, including a ZCAP that
325 | invokes the capability that demonstrates the authorization to perform the
326 | operation. For example, a KmsOperation might be constructed and POSTed to
327 | the key URL with an invocation of a ZCAP performed via HTTP Signatures.
328 |
<map>Generates a new cryptographic key in the keystore.
339 |<map>Gets the key description for the given key ID.
343 |<map>Store a capability revocation.
347 |<string>Wraps a cryptographic key using a key encryption key (KEK).
351 |<(Uint8Array|null)>Unwraps a cryptographic key using a key encryption key (KEK).
355 |<string>Signs some data. Note that the data will be sent to the server, so if 359 | this data is intended to be secret it should be hashed first. However, 360 | hashing the data first may present interoperability issues so choose 361 | wisely. 362 |
363 |<boolean>Verifies some data. Note that the data will be sent to the server, so if 367 | this data is intended to be secret it should be hashed first. However, 368 | hashing the data first may present interoperability issues so choose 369 | wisely. 370 |
371 |<Uint8Array>Derives a shared secret via the given peer public key, typically for use 375 | as one parameter for computing a shared key. It should not be used as 376 | a shared key itself, but rather input into a key derivation function (KDF) 377 | to produce a shared key. 378 |
379 |<map>Stores a delegated authorization capability, enabling it to be invoked by 383 | its designated invoker. 384 |
385 |<boolean>Removes a previously stored delegated authorization capability, preventing 389 | it from being invoked by its designated invoker. 390 |
391 |<map>Creates a new keystore using the given configuration.
395 |<map>Gets the configuration for a keystore by its ID.
399 |<map>Finds the configuration for a keystore by its controller and reference ID.
403 |<map>Generates a new cryptographic key in the keystore.
408 |Response: HTTP 200 - <map> - The key description for the key.
| Param | 413 |Type | 414 |Description | 415 |
|---|---|---|
| options.kmsModule | 420 |string |
421 | The KMS module to use. | 422 |
| options.type | 425 |string |
426 | The key type (e.g. 'AesKeyWrappingKey2019'). | 427 |
| [options.capability] | 430 |string |
431 | The zCAP-LD authorization capability to use to authorize the invocation of this operation. | 432 |
| options.invocationSigner | 435 |map |
436 | An API with an id property and a sign function for signing a capability invocation. |
437 |
<map>Gets the key description for the given key ID.
443 |Response: HTTP 200 - <map> - The key description.
| Param | 448 |Type | 449 |Description | 450 |
|---|---|---|
| [options.keyId] | 455 |string |
456 | The ID of the key. | 457 |
| [options.capability] | 460 |string |
461 | The zCAP-LD authorization capability to use to authorize the invocation of this operation. | 462 |
| options.invocationSigner | 465 |map |
466 | An API with an id property and a sign function for signing a capability invocation. |
467 |
<map>Store a capability revocation.
473 |Response: HTTP 200 - <map> - Resolves once the operation completes.
| Param | 478 |Type | 479 |Description | 480 |
|---|---|---|
| options.capabilityToRevoke | 485 |map |
486 | The capability to enable. | 487 |
| [options.capability] | 490 |string |
491 | The zcap authorization capability to use to authorize the invocation of this operation. | 492 |
| options.invocationSigner | 495 |map |
496 | An API with an id property and a sign function for signing a capability invocation. |
497 |
<string>Wraps a cryptographic key using a key encryption key (KEK).
503 |Response: HTTP 200 - <string> - The base64url-encoded wrapped key bytes.
| Param | 508 |Type | 509 |Description | 510 |
|---|---|---|
| options.kekId | 515 |string |
516 | The ID of the wrapping key to use. | 517 |
| options.unwrappedKey | 520 |Uint8Array |
521 | The unwrapped key material as a Uint8Array. | 522 |
| [options.capability] | 525 |string |
526 | The zCAP-LD authorization capability to use to authorize the invocation of this operation. | 527 |
| options.invocationSigner | 530 |map |
531 | An API with an id property and a sign function for signing a capability invocation. |
532 |
<(Uint8Array|null)>Unwraps a cryptographic key using a key encryption key (KEK).
538 |Response: HTTP 200 - <(Uint8Array|null)> - Resolves to the unwrapped key material
539 | or null if the unwrapping failed because the key did not match.
540 |
| Param | 545 |Type | 546 |Description | 547 |
|---|---|---|
| options.kekId | 552 |string |
553 | The ID of the unwrapping key to use. | 554 |
| options.wrappedKey | 557 |string |
558 | The wrapped key material as a base64url-encoded string. | 559 |
| [options.capability] | 562 |string |
563 | The zCAP-LD authorization capability to use to authorize the invocation of this operation. | 564 |
| options.invocationSigner | 567 |map |
568 | An API with an id property and a sign function for signing a capability invocation. |
569 |
<string>Signs some data. Note that the data will be sent to the server, so if 575 | this data is intended to be secret it should be hashed first. However, 576 | hashing the data first may present interoperability issues so choose 577 | wisely. 578 |
579 |Response: HTTP 200 - <string> - The base64url-encoded signature.
| Param | 584 |Type | 585 |Description | 586 |
|---|---|---|
| options.keyId | 591 |string |
592 | The ID of the signing key to use. | 593 |
| options.data | 596 |Uint8Array |
597 | The data to sign as a Uint8Array. | 598 |
| [options.capability] | 601 |string |
602 | The zCAP-LD authorization capability to use to authorize the invocation of this operation. | 603 |
| options.invocationSigner | 606 |map |
607 | An API with an id property and a sign function for signing a capability invocation. |
608 |
<boolean>Verifies some data. Note that the data will be sent to the server, so if 614 | this data is intended to be secret it should be hashed first. However, 615 | hashing the data first may present interoperability issues so choose 616 | wisely. 617 |
618 |Response: HTTP 200 - <boolean> - true if verified, false if not.
| Param | 623 |Type | 624 |Description | 625 |
|---|---|---|
| options.keyId | 630 |string |
631 | The ID of the signing key to use. | 632 |
| options.data | 635 |Uint8Array |
636 | The data to verify as a Uint8Array. | 637 |
| options.signature | 640 |string |
641 | The base64url-encoded signature to verify. | 642 |
| [options.capability] | 645 |string |
646 | The zCAP-LD authorization capability to use to authorize the invocation of this operation. | 647 |
| options.invocationSigner | 650 |map |
651 | An API with an id property and a sign function for signing a capability invocation. |
652 |
<Uint8Array>Derives a shared secret via the given peer public key, typically for use 658 | as one parameter for computing a shared key. It should not be used as 659 | a shared key itself, but rather input into a key derivation function (KDF) 660 | to produce a shared key. 661 |
662 |Response: HTTP 200 - <Uint8Array> - The shared secret bytes.
| Param | 667 |Type | 668 |Description | 669 |
|---|---|---|
| options.keyId | 674 |string |
675 | The ID of the key agreement key to use. | 676 |
| options.publicKey | 679 |map |
680 | The public key to compute the shared secret against; the public key type must match the key agreement key's type. | 681 |
| [options.capability] | 684 |string |
685 | The zCAP-LD authorization capability to use to authorize the invocation of this operation. | 686 |
| options.invocationSigner | 689 |map |
690 | An API with an id property and a sign function for signing a capability invocation. |
691 |
<map>Stores a delegated authorization capability, enabling it to be invoked by 697 | its designated invoker. 698 |
699 |Response: HTTP 200 - <map> - Resolves once the operation completes.
| Param | 704 |Type | 705 |Description | 706 |
|---|---|---|
| options.capabilityToEnable | 711 |map |
712 | The capability to enable. | 713 |
| [options.capability] | 716 |string |
717 | The zCAP-LD authorization capability to use to authorize the invocation of this operation. | 718 |
| options.invocationSigner | 721 |map |
722 | An API with an id property and a sign function for signing a capability invocation. |
723 |
<boolean>Removes a previously stored delegated authorization capability, preventing 729 | it from being invoked by its designated invoker. 730 |
731 |Response: HTTP 200 - <boolean> - Resolves to true if the document was deleted
732 | and false if it did not exist.
733 |
| Param | 738 |Type | 739 |Description | 740 |
|---|---|---|
| options.id | 745 |map |
746 | The ID of the capability to revoke. | 747 |
| [options.capability] | 750 |string |
751 | The zCAP-LD authorization capability to use to authorize the invocation of this operation. | 752 |
| options.invocationSigner | 755 |map |
756 | An API with an id property and a sign function for signing a capability invocation. |
757 |
<map>Creates a new keystore using the given configuration.
763 |Response: HTTP 200 - <map> - Resolves to the configuration for the newly
764 | created keystore.
765 |
| Param | 770 |Type | 771 |Description | 772 |
|---|---|---|
| options.url | 777 |string |
778 | The url to post the configuration to. | 779 |
| options.config | 782 |string |
783 | The keystore's configuration. | 784 |
<map>Gets the configuration for a keystore by its ID.
790 |Response: HTTP 200 - <map> - Resolves to the configuration for the keystore.
| Param | 795 |Type | 796 |Description | 797 |
|---|---|---|
| options.id | 802 |string |
803 | The keystore's ID. | 804 |
<map>Finds the configuration for a keystore by its controller and reference ID.
810 |Response: HTTP 200 - <map> - Resolves to the configuration for the keystore.
| Param | 815 |Type | 816 |Description | 817 |
|---|---|---|
| [options.url] | 822 |string |
823 | The url to query. | 824 |
| options.controller | 827 |string |
828 | The keystore's controller. | 829 |
| options.referenceId | 832 |string |
833 | The keystore's reference ID. | 834 |
845 | This section details the general privacy considerations and specific privacy 846 | implications of deploying this specification into production environments. 847 |
848 | 849 |855 | There are a number of security considerations that implementers should be 856 | aware of when processing data described by this specification. Ignoring or 857 | not understanding the implications of this section can result in 858 | security vulnerabilities. 859 |
860 | 861 |862 | While this section attempts to highlight a broad set of security 863 | considerations, it is not a complete list. Implementers are urged to seek the 864 | advice of security and cryptography professionals when implementing mission 865 | critical systems using the technology outlined in this specification. 866 |
867 | 868 |874 | There are a number of accessibility considerations implementers should be 875 | aware of when processing data described in this specification. As with any web 876 | standards or protocols implementation, ignoring accessibility issues makes 877 | this information unusable to a large subset of the population. It is important 878 | to follow accessibility guidelines and standards, such as [[WCAG21]], to ensure 879 | all people, regardless of ability, can make use of this data. This is 880 | especially important when establishing systems utilizing cryptography, which 881 | have historically created problems for assistive technologies. 882 |
883 | 884 |885 | This section details the general accessibility considerations to take into 886 | account when utilizing this data model. 887 |
888 | 889 |895 | There are a number of internationalization considerations implementers should be 896 | aware of when publishing data described in this specification. As with any web 897 | standards or protocols implementation, ignoring internationalization makes it 898 | difficult for data to be produced and consumed across a disparate set of 899 | languages and societies, which would limit the applicability of the 900 | specification and significantly diminish its value as a standard. 901 |
902 | 903 |904 | This section outlines general internationalization considerations to take into 905 | account when utilizing this data model. 906 |
907 | 908 |2 | The following terms are used to describe concepts in this specification. 3 |
4 | 5 |