9

What does "e": "AQAB" mean in JWKS - Json Web Key Set

{
  "keys": [
    {
      "kty": "RSA", #key type
      "e": "AQAB",  #Question - what does "e" mean or stand for. And what values can e take. What is AQAB here. 
      "use": "sig", #verify client assertion signature. This means what is the use of the key. Answer - to verify signature. Right?
      "kid": "somebase64encodestring", #key id
      "alg": "RS256",  #key algoritham. Here it is RSA.
      "n": "anotherbase64encodestring"  #This is the actual public key base64 encoded.
    }
  ]
}
samshers
  • 1
  • 6
  • 37
  • 84
  • Does this answer your question? [Can Anyone Explain what keys are in dict of jwk when generating key](https://stackoverflow.com/questions/67821481/can-anyone-explain-what-keys-are-in-dict-of-jwk-when-generating-key) – jps Nov 18 '21 at 15:55
  • further to the Q - when the alg is specified and the public key is present. Can not `"e": "AQAB"` be inferred from public key. I think yes. Then why specify it explicitly in the jwks. What is the extra benefit or requirement. – samshers Nov 19 '21 at 07:50

1 Answers1

8

It's part of the public key too. From https://datatracker.ietf.org/doc/html/rfc7518#section-6.3.1.2

6.3.1.2. "e" (Exponent) Parameter

The "e" (exponent) parameter contains the exponent value for the RSA public key. It is represented as a Base64urlUInt-encoded value.

For instance, when representing the value 65537, the octet sequence to be base64url-encoded MUST consist of the three octets [1, 0, 1]; the resulting representation for this value is "AQAB".

Brian Campbell
  • 2,293
  • 12
  • 13
  • when the alg is specified and the public key is present. Can not `"e": "AQAB"` be inferred from public key. ++1. I think yes. Then why specify it explicitly in the jwks. What is the extra benefit or requirement. – samshers Nov 19 '21 at 07:48
  • 1
    I'm confused here - are you saying the value of the `exponent` crypto parameter is `base64.decode("AQAB")`, which is something like `010001` in binary or 17? Is this accurate, and where did 65537 come from? Is that a common exponent? – h0r53 Mar 28 '22 at 23:48
  • 1
    Ahh I see, `010001` is actually base16, which translates to 65537. My question remains on "is 65537 a common exponent?" It appears to be. I'm guessing it's just a reasonably sized prime number which makes it a good candidate for an exponent. From what I recall, you'd still need two coprime numbers `g` and `d` for calculating the modulus and performing asymmetric encryption. – h0r53 Mar 29 '22 at 20:58