JWK-Thumbprint (RFC 7638) defines a method for computing a hash value over a JSON Web Key (JWK).

JWK-Thumbprint defines which fields in a JWK are used in the hash computation, the method of creating a canonical form for those fields, and how to convert the resulting Unicode string into a byte sequence to be hashed. The resulting hash value can be used for identifying or selecting the key represented by the JWK that is the subject of the thumbprint.

The thumbprint of a JSON Web Key (JWK) is computed as follows:

  • Construct a JSON object RFC 7159 containing only the required members of a JWK representing the key and with no whitespace or line breaks before or after any syntactic elements and with the required members ordered lexicographically by the Unicode code points of the member names. (This JSON object is itself a legal JWK representation of the key.)
  • Hash the octets of the UTF-8 representation of this JSON object with a Cryptographic Hash Function H.

For example, SHA-256 might be used as H. The resulting value is the JWK-Thumbprint with H of the JWK.

More Information#

There might be more information for this subject on one of the following: