IETF Logo Mail Archive

[CFRG] HPKE and Key Wrapping

John Mattsson <john.mattsson@ericsson.com> Tue, 29 March 2022 09:05 UTC

Return-Path: <john.mattsson@ericsson.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BC3293A1805 for <cfrg@ietfa.amsl.com>; Tue, 29 Mar 2022 02:05:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.109
X-Spam-Level:
X-Spam-Status: No, score=-2.109 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RAuvs53PRsqI for <cfrg@ietfa.amsl.com>; Tue, 29 Mar 2022 02:05:36 -0700 (PDT)
Received: from EUR03-DB5-obe.outbound.protection.outlook.com (mail-db5eur03on062f.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe0a::62f]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 49C253A180A for <cfrg@irtf.org>; Tue, 29 Mar 2022 02:05:36 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=WUXdgcSbFEfKh7hpwxRs1BNz0GI7RZaqjWi4Vutr+Vy0P0yccImwx/xChd3BZvPgrIYqPNmDkWMz7AHrIobuc1fmdA4PyI650Rp64aihBUGhJ2UxAj6D/Yy0DnG/PreBP2ZxPB1RKohfjSJRXk19qlCJ/4JzzCzpnNfjkkQBRcsZ5FCC6NXwwh1Kb/DYL9zpvrnSay5x/B18o/6hkQusUZJuQ9D3RIYTZo3Pcp9R06qYxtzQpX71P/OZ3XqIy9vgy7Z3LVAxEc4P+vDHDBc6ycVO4xLc5fI32dEdhAHsRJBAKNWlMOhiwuIuQDntZwTWBmUro7q5S6yLQyvIor3wyw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=b8yIZn+MKIPWf2Bf4DCeEE7JQKWscDKcPzrRReDW9Gc=; b=InkmShIFJFQQjLM1pQV/S3U1jRHjkGP7Epp2hDyNK1HQVxiOeGFQdT73xMUokQElpptBl6xClgIjk++IYA6EDz1vmaHQZKxn3T0eZuArk01Fzb88minqJ9IA13Hjq/m6LBILU4wQFOM6xG/o9FsVKrLCHC3NlGOtjw5HAsOs25Y0QsUBPn9NLvge0vCFvVGto2SEulgs5YpqHqaTgu1DcQir12NCXsJ8IAZDJX4jozBqjfGGdKtiy3SKPRT8YBAQIlaH2/KGXN5sdaTBg2LCJw/32MgW0a40ihlHFAU9wQIXDze4RGfadvLYrStECT+8tA5f5C1Ht+10S2UPvOixvg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=b8yIZn+MKIPWf2Bf4DCeEE7JQKWscDKcPzrRReDW9Gc=; b=PdzBHb2PbAaw7KdR/4zjmHnyMeY6vGvFS8sIcnHnrZBCD8M/EcemIYz32V5eEJaHw8qY5ei8ZVtVtBbTQTZ8QgsBakBHQfjjFRkdlYOSR5pTfdEqkSVgSel5qA5FXbo11Sc2oE9VlYBj95SmPD8YZVMQZwcWz5cA1QuYwBETX+A=
Received: from HE1PR0701MB3050.eurprd07.prod.outlook.com (2603:10a6:3:4b::8) by HE1PR07MB3212.eurprd07.prod.outlook.com (2603:10a6:7:34::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5123.16; Tue, 29 Mar 2022 09:05:31 +0000
Received: from HE1PR0701MB3050.eurprd07.prod.outlook.com ([fe80::b462:480e:b937:c62c]) by HE1PR0701MB3050.eurprd07.prod.outlook.com ([fe80::b462:480e:b937:c62c%7]) with mapi id 15.20.5123.016; Tue, 29 Mar 2022 09:05:31 +0000
From: John Mattsson <john.mattsson@ericsson.com>
To: IRTF CFRG <cfrg@irtf.org>
Thread-Topic: HPKE and Key Wrapping
Thread-Index: AQHYQ0u7KP9IsmRXD0Kbvf1+Gh7oQw==
Date: Tue, 29 Mar 2022 09:05:30 +0000
Message-ID: <HE1PR0701MB3050AFD941AABAB80D7EC31E891E9@HE1PR0701MB3050.eurprd07.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 100d58bb-42cb-47d8-6409-08da1163469a
x-ms-traffictypediagnostic: HE1PR07MB3212:EE_
x-microsoft-antispam-prvs: <HE1PR07MB3212AF0E419ADF84BCAD0463891E9@HE1PR07MB3212.eurprd07.prod.outlook.com>
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: TJDdOKw/EEm9v9teFb2yIu7QFJLtKh5IEY6SeU7RlyxqDkg/t6j7MxGUgOZn1GqTK29NUKKrXNNxfor0stxlFsZ6ByF8XPThCzXcw+U1r/JHMwoxEDSCtjnDYAVGmspadqZxIN+x8XVsDekGtrQ4GmVVvsuWepdalQ5wPTeqNmSXkHO/VZnyOu76j+vuUUb+HV9ajIOzUFi+BL63MPdtf0K906IRQRZ9MCMGXsgqCTItHkMUrv9wN9kHOMEpw8ARmBdjonSjDuEUXKZPrBfQZLLFQp/jNx6+nl4PmccBAyZBdkdefmRvVWCNfyxf8j7ZoPE0+674E6jXObz7YkBCrkdxqrajkn5TayShxw0uiZ62ykfzaYcztAaOVsz1lSjhKHpUhVsNI/ECakDfYUBmQoLwHZ4pbANLYjgFM5OVDe+7g2EP82pDQMVYJvGAIFA9sL0W5cmdVYGN+jVwNb96iFLrIKKMzDrJo2Rm+GVavzWBBN4nTaDMidwgfjLhRZA7ixS8XM8OCFq9XBg0R9mOwy5FF/ExEyxKtR+0Ptq68ZLtj2kOpS6mOeZ8AV+lgDgLG3aUznccLUzl5xBpRH6Fcf0BagYp2wFk8C4iuP4RkYMG3+zucuRdm2RGhT+8DV2aM6UPtqhjscq4nmA6Rb2FtmGtEydGvUsT7xLUa5xQJOIti5Lae5yCE4iDk5+fJI1mBWqJ4FaypeovY9KN5Vj0nZdFMwIwQvXLvNJfxmll9oNlmkb9xyISzeaik5H6r782dGjPDP3/KG2n4zkLle7wGmaGi6Mm62R+LWnLLQBWgpT1t2Ju5lZEGhRaenggsxjP8fToKuyBe38US7LRbCSlALtxT6BqB6QrnqEWBj2OKvbLHPOFOSE+31d2icUTbexA
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:HE1PR0701MB3050.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(4636009)(366004)(86362001)(66556008)(66446008)(76116006)(2906002)(66946007)(91956017)(66476007)(82960400001)(5660300002)(8936002)(122000001)(38100700002)(52536014)(64756008)(8676002)(44832011)(38070700005)(7696005)(26005)(9686003)(6506007)(186003)(3480700007)(316002)(6916009)(966005)(45080400002)(33656002)(55016003)(71200400001)(508600001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: rxs1YANmaiNlig/3+zYSHV8aQcqsdilnMXlzCVo+nZoDW2qTYBDNiaZGRKBuK6Xe7r+CM3Pk6/HnFOt/lIfOpSsBtlQ35kDfsjCkqE5r8sn9s3ldtesJY/xks9eKMRvi1H+8H+tqQ2D8FiMliCrG3WIHarYjP00kiXrs+JRt9wnsNpXfiIha8APhpU5GT74OPgW0DJzbjY1XiRhIDkakTAPUAiM5gNiO+eLhKEHuEAWSdKK7Ngr5gRtDRTwGmlmj7MFaeiF6G/PMpsGHVrqqSHqvmfqYZZkfnhi7nsDM+xizpswllF8zvtp5XOBLaZ4RVRmHm7BesTtKyYQTcy5W8gjqnXzotigqNeIjwh8v3tOMykRSUCmtNveT0/881J/tm03o54JCFpMHucb2oFMbyV1XXSXCba3MxEa5vu6hdM4K4Qd+uJIdr61M9l56s2x4EgMv9is3M8DlD4fhufKeviaVfTSosxfDHf7e3ZZ3nnaLhgdS4iv+WeM611eZSMa5jblNdkVTba94cyOkzPfmnc5qCMkhs8bpgtD9XN0+nxe9HXJEo+Di5Y2I1aE3FMTSBwHVZjIP4L7YCC59eQSNNkJBgpNYGs3AOEmHNtOOjDl4QBwE8uJsYzL4Z0cDSI+QdyCWGX7DxwXLuIU0WrhTIE/1vC6s6h8bkOdymXnMes6+HQUqbvIuqonNsqoi9MOLaSqQPwX4Puqf14rtxvwzSmzZBwtBWJ48iuAZgg75l3F2nFbHDNud7ggkWqtrIOKgnnmBL/NmE4XwNprE6gRxkdrKxXOqVzEO04/T9BvCZQsCtsTyAKpzHkp/xCZsKwPvMTFS2PF2bdZ6XuMOxhYX4iC7IZgkMAll6bJLU3Ka9Ubd2hJ5+j6hPgsk4kYUo9P6qoqRwlCMWIFF4oMJXtc8RZCHE4G0yKpElKMYmcepHSjQib7N2uydW3Vuxfxrb9VNjRnMg3XFBJ3BJhrmzN141HngpFkRqdGVpTE/NWOAqDwGuCVOYCro10mEyCi5jmXzg42/Tl3r+TApMsA7vc5fN/6UXcYpZAoNlXdhfGw7traZT0lzB6ULxxMSfrzWkWDmRLNDU20nlnwPc+GjAKxr3uWh2evJpkoKh67+Cbg8lVM2kLH/F7RJ+Vbk1ckAqHocv5/3KGVnwQfs5VPUTa+bzE/41nQEMLLGNchfbZsDy9NpAgzFXCdpePbWIaLzkSmtajl6nHPlU4ufx+H5Jab9I6e6K4SN4b/QZY6/r+u8xGnmqfWw9FVHgUN1otm3r94g+E10WrO4ICzu3g1JyaDnCUXEpgn5bwn+rgUFLE4DP+pV4tJTgWFSuqt1JCF77aFDd4A03lhxurYnMPnWE4GvTqtqu8dmauT+GS6dM21b8zA7J+K6cl44WzwV51yCM9KwspjH9eqw1rxfnHE1qCrlQ3Dh+KRst+yUIX/Wj3/UIMSxMJ8qOR4Q2Ff9xqp+VpK8Tgi8+P0ehIPM6ABYa+mTcABetwg/wfvbUi7c9DEEKo6sSs5LVc5xLMjTB3Fx7SqEliuafc1jz5FggHQGNE5vD73+3dg4Vu5OFOuUO8HK7JQ+Hi17PaxH9kLkkX4G3bOjAsO8X/NbyuMlWuRRfza8ehQ6S6EEhPDaIREpe1HDiYZLk54vDQRa6xvYn/l5WBMeIZl/mtjTCSUtE0zGT1vWVJo2zRTt7oVe/vlYvEw6AO29st0l4xs4BHhNxn/EiIuNzorbp3nhDRMkebwkBqYPiWM7LfnMdIuyS7kdlWPkX9UhfSruZj8GfLC3IMOZwE0d
Content-Type: multipart/alternative; boundary="_000_HE1PR0701MB3050AFD941AABAB80D7EC31E891E9HE1PR0701MB3050_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: HE1PR0701MB3050.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 100d58bb-42cb-47d8-6409-08da1163469a
X-MS-Exchange-CrossTenant-originalarrivaltime: 29 Mar 2022 09:05:30.6398 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: uZGiYlimUiJyKhIRTYdeGm4jxmWdENk7ELy8oBvwLXgBAEg/MQayTBgolf9UJmv0MVrZDW7/SLe3JQpMMdIGmgxdyd7nczOHnXmSWSfLHaM=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB3212
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/dUlnsUyBd8ROaeJ08VIMHzzpVF4>
Subject: [CFRG] HPKE and Key Wrapping
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Mar 2022 09:05:48 -0000

Hi,

Dan Harkins draft and presentation made me think about HPKE and key wrapping.
https://datatracker.ietf.org/doc/html/draft-harkins-cfrg-dnhpke-01

AES-SIV could be used for this, but the algorithms currently approved by NIST for key wrapping are AES-KW and AES-KWP.

https://datatracker.ietf.org/doc/html/rfc3394
https://datatracker.ietf.org/doc/html/rfc5649
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf

For asymmetric key wrapping. AES-KWP is often used with RSA-OAEP (which NIST calls KTS-OAEP: Key-Transport Using RSA-OAEP in SP 800-56Br2).

https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Br2.pdf
https://cloud.google.com/kms/docs/key-wrapping
https://microsoft.github.io/CCF/release/1.x/js/ccf-app/interfaces/global.rsaoaepaeskwpparams.html

I think HPKE is the future of asymmetric encryption including asymmetric key wrapping.

Would it make sense to standardize AES-KWP for HPKE or do CFRG believe that AES-SIV is the future of key wrapping? Irrespectively I think the CFRF should produce a good recommendation on how to use HPKE for key wrapping.

Cheers,
John

v2.23.0 | Report a Bug | By Email