IETF Logo Mail Archive

Re: [Curdle] Key examples in draft-ietf-curdle-pkix-03

Daniel Migault <daniel.migault@ericsson.com> Tue, 17 January 2017 20:33 UTC

Return-Path: <mglt.ietf@gmail.com>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6924B12946E for <curdle@ietfa.amsl.com>; Tue, 17 Jan 2017 12:33:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.597
X-Spam-Level:
X-Spam-Status: No, score=-2.597 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Uu-iRb0vNEgd for <curdle@ietfa.amsl.com>; Tue, 17 Jan 2017 12:33:15 -0800 (PST)
Received: from mail-io0-x229.google.com (mail-io0-x229.google.com [IPv6:2607:f8b0:4001:c06::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 092A31294A1 for <curdle@ietf.org>; Tue, 17 Jan 2017 12:33:15 -0800 (PST)
Received: by mail-io0-x229.google.com with SMTP id l66so124526287ioi.1 for <curdle@ietf.org>; Tue, 17 Jan 2017 12:33:14 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=zPrwQfqmjaBOmEaS/pR82SoeVp7bRqSMDiDYueDH7HE=; b=PRIjzj9lQMwBsgTflJjry0q97IxM/uDgCJFXt9tFv0I7RRFotMVMHE4+2PwZjXg1f3 K3xVLaGT4PaMlDw+BlkUJisjkIXvEVln/wk8VptGDETXGLemvQmVsSb8ko1ndnxYqDjo FHGt9M8v8XaKqXoKBIhvskhVX4G0UotCTJv6P3rvUgomCNAJVuGXspZQcsypVZvGOmx3 1kYzppbP1si5bqbIoLexH/VEo1oEpjd6TFRRZX6wuX72QzsFjUhjoXyuMpZ25qKztFgB 6Ow2xpZO/33bEesdtNCGMQlYjxfhQsvYkJoE0ZD7v/q76ZyT3d3CvaIKZ9CzTVGQeB/N t+yg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=zPrwQfqmjaBOmEaS/pR82SoeVp7bRqSMDiDYueDH7HE=; b=WjCzqFw2nLeN0QIiWE8p7QDPxDFGRaUfMdqlKBn8fbXkmnF6Ev4rxmfoFMDBHc3/1B wSzQVDJAAQVp1YpiW1d0/dU0ztHaiNVYbFAd4PVWtKyCQ8VlR5Xup4N8OP7OvFZdnufA tmMmJSh4H8TAkpoZVtN28uf8ETXvnrtG6mPGD6B1CIkTNilnQDp4YDb0qANY5U+OvRb+ eYBmQKxM9sly3//wcyTx9VLTjqM5Y8L75fjbcynmFGKn6fm/xSgoH/iew1Z4XBqzdBB6 israyhMgeOaNJ2KQ/zmW/b/CFrvHvJnyNfKMCMHcjn0RXD0RtTFFjPYZS08rpEu9URpu f2cw==
X-Gm-Message-State: AIkVDXKT41QBqS3scs4BCWM5Vo1kYuO9NZjSPv1InXSHZY8D4LditRWrIC8d8FTQ0ptFoAwKJnxqywJh/PDLfA==
X-Received: by 10.107.179.215 with SMTP id c206mr101762iof.35.1484685194078; Tue, 17 Jan 2017 12:33:14 -0800 (PST)
MIME-Version: 1.0
Sender: mglt.ietf@gmail.com
Received: by 10.107.5.201 with HTTP; Tue, 17 Jan 2017 12:33:13 -0800 (PST)
In-Reply-To: <035701d25a3f$a46ca9f0$ed45fdd0$@augustcellars.com>
References: <20161214105434.418FAADD1C@smtp.postman.i2p> <20161214121515.GA10791@LK-Perkele-V2.elisa-laajakaista.fi> <CAF8qwaCWAx8Vp67VZz4G5DQpTGf5DX-sMN+1i40acgCYT8_NVA@mail.gmail.com> <002501d25760$a75c0bb0$f6142310$@augustcellars.com> <CAF8qwaDzC8C0czSPrCdTgKH-3_YqW8KeVQ291p+SNcOo-NyGxg@mail.gmail.com> <CAF8qwaASPih==KC9NKSy6KtEeySjEf4ByM1JkzCuu2bF8EP1xQ@mail.gmail.com> <035701d25a3f$a46ca9f0$ed45fdd0$@augustcellars.com>
From: Daniel Migault <daniel.migault@ericsson.com>
Date: Tue, 17 Jan 2017 15:33:13 -0500
X-Google-Sender-Auth: GTUd8YCPqiOt4bGzU9PpAy-PLEI
Message-ID: <CADZyTk=PFHDU5R+AR6G7C9=Shd6hW8KQkAX7TqcM9YSRuYaEmw@mail.gmail.com>
To: Jim Schaad <ietf@augustcellars.com>
Content-Type: multipart/alternative; boundary="001a1148576698b18c054650358e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/HV877ZRDxnF3GywKh8unN22WfAg>
Cc: curdle <curdle@ietf.org>, David Benjamin <davidben@chromium.org>
Subject: Re: [Curdle] Key examples in draft-ietf-curdle-pkix-03
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Jan 2017 20:33:17 -0000

Hi,

Please indicate if the text added by Jim clarifies the previous confusion,
and if we can close the thread.


My understanding of the text is:
"""the private key is wrapped in an CurvePrivateKey object """
CurvePrivateKey = OCTET STRING ( private key)
"""and wrapped by the OCTET STRING of the 'privateKey' field."""
privateKey = OCTET STRING (OCTET STRING (private key))

Am I correct ?

Yours,
Daniel


On Mon, Dec 19, 2016 at 4:34 PM, Jim Schaad <ietf@augustcellars.com> wrote:

> In my local version, I have done the following:
>
>
>
> 1.       Changed EdPrivateKey to CurvePrivateKey.  I hope that this will
> not cause any confusion with the ECPrivateKey type defined in RFC5915.
>
> 2.      I have changed the last sentence in the paragraph mentioned below
> to
>         Thus when encoding a OneAsymmetricKey object, the private key is
> wrapped in an CurvePrivateKey object and wrapped by the OCTET STRING of the
> 'privateKey' field.
>
> 3.      I have also expanded the appendix with the private key example to
> have 1) the current PEM format, 2) an ASN.1 dump and 3) the value of the
> private key.
>
>
>
> I debated using the OKP (Octet Key Pair) which was used in JOSE and COSE
> but decided not to.
>
>
>
> Jim
>
>
>
>
>
> *From:* David Benjamin [mailto:davidben@chromium.org]
> *Sent:* Thursday, December 15, 2016 11:18 PM
> *To:* Jim Schaad <ietf@augustcellars.com>
>
> *Cc:* curdle@ietf.org
> *Subject:* Re: [Curdle] Key examples in draft-ietf-curdle-pkix-03
>
>
>
> So we don't end up with two variants of this floating around (this thread
> gives one data point of the current text being misinterpreted), What do you
> think about these editorial changes?
>
>
>
> 1. In the paragraph beginning "For the keys defined in this document
> [...]", add a sentence like "Note the opaque byte sequence is wrapped in
> OCTET STRINGs twice in total."
>
>
>
> 2. EdPrivateKey sounds like this only applies to Ed* rather than both Ed*
> and X*. It should probably be renamed. But the best name I can come up with
> right now is PrivateKeyWrapper, which is terrible. Another option is to
> avoid defining a type and just say:
>
>
>
>    For the keys defined in this document, the private key is always an
>
>    opaque byte sequence.  This is encoded in a OneAsymmetricKey
>
>    object by wrapping the sequence in an ASN.1 OCTET STRING
>
>    and placing its DER encoding in the 'privateKey' field. Note that
>
>    'privateKey' is itself an OCTET STRING, so the original byte
>
>    sequence is wrapped in OCTET STRINGs twice in total.
>
>
>
> David
>
>
>
> On Fri, Dec 16, 2016 at 1:56 AM David Benjamin <davidben@chromium.org>
> wrote:
>
> Ah, yes, I see OpenSSL has already shipped code which serializes X25519 in
> this way, as early as OpenSSL 1.1.0 in September. That's unfortunate. It
> would have been preferable to avoid this confusing double wrapper, but so
> it goes I guess.
>
>
>
> David
>
>
>
> On Fri, Dec 16, 2016 at 12:53 AM Jim Schaad <ietf@augustcellars.com>
> wrote:
>
> I believe that the OpenSSL people would be sad if we changed this at this
> time.  I did some interop testing with their developers before the last
> version was released and the OCTET STRING wrapper on the private key is
> what we were doing at the time.
>
> Jim
>
> From: Curdle [mailto:curdle-bounces@ietf.org] On Behalf Of David Benjamin
> Sent: Wednesday, December 14, 2016 5:23 AM
> To: Ilari Liusvaara <ilariliusvaara@welho.com>; str4d <str4d@i2pmail.org>
> Cc: curdle@ietf.org
> Subject: Re: [Curdle] Key examples in draft-ietf-curdle-pkix-03
>
> On Wed, Dec 14, 2016 at 7:15 AM Ilari Liusvaara <mailto:
> ilariliusvaara@welho.com> wrote:
> On Wed, Dec 14, 2016 at 10:54:34AM +0000, str4d wrote:
> > Hello,
> >
> > I am currently updating my EdDSA Java library to implement the current
> > spec for key encoding [0] (previously I used
> > draft-josefsson-pkix-eddsa-04 for public keys, and the equivalent in
> > PKCS#8 format for private keys). The example public key given in
> > draft-ietf-curdle-pkix-03 [1] passes my tests, however the example
> > private key [2] does not.
> >
> > It appears that the private key material within the example is 34 bytes,
> > but according to Section 3.2 of draft-irtf-cfrg-eddsa-08 [3] (which
> > AFAICT the present draft defers to for encoding), the private key is the
> > b-bit seed k, which is 32 bytes.
> >
> > Am I missing something? If the example keys in the present draft are
> > correct, it would be helpful to add a reference that clarifies their
> > exact encoding.
>
> Apparently the key is wrapped in OCTET STRING twice for some reason,
> so the length is actually 32 bytes (the first 2 are second OCTET STRING
> header).
>
> Is it too late to change that / was there any particular reason for this?
> Not that saving or using two bytes really matters, but it seems unnecessary
> when we already have an OCTET-STRING-shaped hole to put our octet string in.
>
>
>
> David
>
> _______________________________________________
> Curdle mailing list
> Curdle@ietf.org
> https://www.ietf.org/mailman/listinfo/curdle
>
>
> _______________________________________________
> Curdle mailing list
> Curdle@ietf.org
> https://www.ietf.org/mailman/listinfo/curdle
>
>

v2.23.0 | Report a Bug | By Email