Re: [jose] Std Java key representation of OKP in draft-liusvaara-jose-cfrg-curves-00

Vladimir Dzhuvinov <vladimir@connect2id.com> Thu, 24 December 2015 14:37 UTC

To: Anders Rundgren <anders.rundgren.net@gmail.com>, Ilari Liusvaara <ilariliusvaara@welho.com>
From: Vladimir Dzhuvinov <vladimir@connect2id.com>
Organization: Connect2id Ltd.
Message-ID: <567C0338.50907@connect2id.com>
Date: Thu, 24 Dec 2015 16:37:44 +0200
Archived-At: <http://mailarchive.ietf.org/arch/msg/jose/SQeuRuqYyFphYWneHDv-9UbDKc8>
Cc: jose@ietf.org


On 24/12/15 14:48, Anders Rundgren wrote:
> On 2015-12-24 11:53, Vladimir Dzhuvinov wrote:
>> Hi Ilari,
>>
>> Thank you for making this new contribution to the JOSE suite.
>>
>> The Java library for JOSE that I maintain includes methods for
>> converting between JWK instances and the standard Java types for
>> representing keys. My reading of the spec is that the established Java
>> DHPublicKey
>> <https://docs.oracle.com/javase/7/docs/api/javax/crypto/interfaces/DHPublicKey.html>
>> / DHPrivateKey
>> <https://docs.oracle.com/javase/7/docs/api/javax/crypto/interfaces/DHPrivateKey.html>
>> interfaces would be the best match for the proposed "OKP" JWK. Does
>> this make sense?
>
> Hi Vladimir,
>
> Is your goal to eventually make this a part of standard Java?
For now I just want to figure out how these algs can be implemented in
Java, and if it's possible to do that in a way that fits established
interfaces, frameworks and conventions. The representation of the keys
is one aspect of that.

Making this part of standard Java is a serious commitment. I'm not ready
and qualified to go that far :) I'm not familiar with the standard
making process either.

> I would be interested in cooperating on an OpenJDK contribution.
>
> Regardless of that my experiences with named EC curves in Java
> (without BouncyCastle installed) would speak against reusing DH*
> since there is no place for "crv" (or whatever it will be called...)
> and "x" is called Y.
>
> https://docs.oracle.com/javase/7/docs/api/javax/crypto/spec/DHPublicKeySpec.html
>
>
> I would therefore consider starting with a new key type (OKP*).

How would you name this? In Java, as opposed to JWK, the public and
private parts are represented separately. "octet" qualifies the
encoding, and because of this I'm not sure it should be part of the
class name. EdCPublicKey / EdCPrivateKey? (EdC = Edwards-Curve)


>
> If something "standard-ish" is the target, I would try to get some
> feedback on an early proposal.
>
> Regards,
> Anders
>
>>
>> The current JWK types map as follows:
>>
>>   * "OCT" JWKs map to / from javax.crypto.SecretKey
>>
>>   * "RSA" JWKs map to / from
>> java.security.interfaces.RSA{Public|Private}Key
>>
>>   * "EC" JWKs map to / from
>> java.security.interfaces.EC{Public|Private}Key
>>
>>
>> Can you recommend Java implementations of the new algs? I'm looking
>> for a good place to start in order to add support for them in JOSE.
>>
>> Thanks,
>>
>> Vladimir
>>
>> -- 
>> Vladimir Dzhuvinov
>>
>>
>>
>

-- 
Vladimir Dzhuvinov :: vladimir@connect2id.com
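
An added example, not part of the original message or of any library mentioned in the thread: the JDK later gained dedicated key types that carry the curve name (`XECPublicKey` in Java 11, `EdECPublicKey` in Java 15), and this sketch maps the `crv` and `x` members of an OKP JWK onto them. The class and method names are hypothetical, the `crv` values are those of RFC 8037 (an assumption; the draft under discussion may name them differently), and only the two 32-octet curves are handled.

```java
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.interfaces.EdECPublicKey;
import java.security.interfaces.XECPublicKey;
import java.security.spec.*;
import java.util.Base64;

public class OkpToJavaKey {   // hypothetical helper, requires JDK 15 or later
    // Map the "crv" and "x" members of an OKP JWK onto a JDK public key.
    static PublicKey toPublicKey(String crv, String xB64Url) throws Exception {
        byte[] x = Base64.getUrlDecoder().decode(xB64Url);
        if (x.length != 32) {   // both curves handled here use 32-octet public keys
            throw new IllegalArgumentException("bad \"x\" length for " + crv + ": " + x.length);
        }
        boolean topBit = (x[31] & 0x80) != 0;   // most significant bit of the last octet
        x[31] &= 0x7f;                          // the remaining 255 bits are the coordinate
        BigInteger coord = littleEndian(x);
        switch (crv) {
            case "X25519":    // RFC 7748: top bit is ignored, the rest is the u-coordinate
                return KeyFactory.getInstance("XDH").generatePublic(
                        new XECPublicKeySpec(NamedParameterSpec.X25519, coord));
            case "Ed25519":   // RFC 8032: top bit is the sign of x, the rest is y
                return KeyFactory.getInstance("EdDSA").generatePublic(
                        new EdECPublicKeySpec(NamedParameterSpec.ED25519,
                                new EdECPoint(topBit, coord)));
            default:          // the curve name selects the key type, so reject unknown names
                throw new IllegalArgumentException("unsupported crv: " + crv);
        }
    }

    // The octet string is little-endian; BigInteger expects big-endian magnitude bytes.
    static BigInteger littleEndian(byte[] le) {
        byte[] be = new byte[le.length];
        for (int i = 0; i < le.length; i++) be[i] = le[le.length - 1 - i];
        return new BigInteger(1, be);
    }

    public static void main(String[] args) throws Exception {
        // Public key of RFC 8032 section 7.1 test 1, base64url-encoded as a JWK "x" value.
        String x = "11qYAYKxCrfVS_7TyWQHOg7hcvPapiMlrwIaaPcHURo";
        PublicKey ed = toPublicKey("Ed25519", x);
        PublicKey xdh = toPublicKey("X25519", x);   // same octets reused as a constructed u-coordinate
        System.out.println(ed.getAlgorithm() + " is EdECPublicKey: " + (ed instanceof EdECPublicKey));
        System.out.println(xdh.getAlgorithm() + " is XECPublicKey: " + (xdh instanceof XECPublicKey));
    }
}
```

The same 32 octets decode to two different key types depending on `crv`, which is why a key representation without a curve field, such as `DHPublicKeySpec`, loses information an importer needs.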