The SignedSecureElementProtectedHeader object is a JWS protected header that describes
how to verify the signature. While RFC 7515 section 4.1 lists out the available header members
for a JWS, only the ones listed here will be used.
Describes the key type used to sign the payload. See RFC 7518 section 3.1. Only public key
algorithms will be used.
kid
Encoded Subject Key Identifier (RFC 5280 section 4.2.1.2) of the key used to sign
the payload. This is the BASE64URL encoding of the subject key identifier value,
not the full extension. Used to help identify the key for verification. kid is a
free-form field in the JWS standard (see RFC 7515 section 4.1.4), so this definition applies
only to the SignedSecureElement object.
x5t#S256
SHA-256 thumbprint (a.k.a. fingerprint) of the certificate for the public key
required to validate the signature. Like kid, it can also be used to help
identify the key for verification. See RFC 7515 section 4.1.8.