Re: [jose] Std Java key representation of OKP in draft-liusvaara-jose-cfrg-curves-00

Anders Rundgren <anders.rundgren.net@gmail.com> Thu, 24 December 2015 16:51 UTC

Return-Path: <anders.rundgren.net@gmail.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E53481A01F4 for <jose@ietfa.amsl.com>; Thu, 24 Dec 2015 08:51:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FozNRFEsjt_G for <jose@ietfa.amsl.com>; Thu, 24 Dec 2015 08:51:26 -0800 (PST)
Received: from mail-wm0-x22a.google.com (mail-wm0-x22a.google.com [IPv6:2a00:1450:400c:c09::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0BA471A01D8 for <jose@ietf.org>; Thu, 24 Dec 2015 08:51:25 -0800 (PST)
Received: by mail-wm0-x22a.google.com with SMTP id p187so182987445wmp.0 for <jose@ietf.org>; Thu, 24 Dec 2015 08:51:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:cc:from:message-id:date:user-agent :mime-version:in-reply-to:content-type:content-transfer-encoding; bh=+94axhuo/261t0IqwP5qYPMggzOTsmSquJhto5EX+gc=; b=FZHFeQ4TnDQs8Jk4iH++SS5OH0DIJXiJMMQHdraYIv/XHXVif2IBijIDUyldNN/evJ xSp/jbcD326tvNZUPXWTBmJlzlV6GHXslSxn/32msQE4vz7wBHG2IDJoVtM0yqDu/OCk i06gLGvrUDQTQ+Q0dYnodwAmam3Smke3/JIbYNmRC2X0Eze3Ww5Ohuhztmu9XNWcXVyg BcUM0cdC362Q4u9LcsFFXQ7V6eG3iJiMktjL4uM4XZZSxLgfv4MK69FlX8ROtC7PBFPX ziAdk7yLrOV7n9cOcUi4vdASRm1FXSVEdS5kp0W9TySFuTm3+sp/snr+/jNuAbimlrSt 6Viw==
X-Received: by 10.28.3.133 with SMTP id 127mr43760209wmd.101.1450975884473; Thu, 24 Dec 2015 08:51:24 -0800 (PST)
Received: from [192.168.1.79] (132.201.130.77.rev.sfr.net. [77.130.201.132]) by smtp.googlemail.com with ESMTPSA id m128sm23304775wma.24.2015.12.24.08.51.23 (version=TLSv1/SSLv3 cipher=OTHER); Thu, 24 Dec 2015 08:51:23 -0800 (PST)
To: Vladimir Dzhuvinov <vladimir@connect2id.com>, Ilari Liusvaara <ilariliusvaara@welho.com>
References: <00e001d13d1b$09519d50$1bf4d7f0$@augustcellars.com> <20151223064653.GA24022@LK-Perkele-V2.elisa-laajakaista.fi> <567A49F3.8050500@gmail.com> <20151224054643.GA25322@LK-Perkele-V2.elisa-laajakaista.fi> <567BCEB6.3040609@connect2id.com> <567BE989.8020800@gmail.com> <567C0338.50907@connect2id.com>
From: Anders Rundgren <anders.rundgren.net@gmail.com>
Message-ID: <567C2285.4050109@gmail.com>
Date: Thu, 24 Dec 2015 17:51:17 +0100
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.4.0
MIME-Version: 1.0
In-Reply-To: <567C0338.50907@connect2id.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/jose/XwfFnCrpuSwnZH-LWxUy58O0cow>
Cc: jose@ietf.org
Subject: Re: [jose] Std Java key representation of OKP in draft-liusvaara-jose-cfrg-curves-00
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Dec 2015 16:51:28 -0000

On 2015-12-24 15:37, Vladimir Dzhuvinov wrote:
>
>
> On 24/12/15 14:48, Anders Rundgren wrote:
>> On 2015-12-24 11:53, Vladimir Dzhuvinov wrote:
>>> Hi Ilari,
>>>
>>> Thank you for making this new contribution to the JOSE suite.
>>>
>>> The Java library for JOSE that I maintain includes methods for
>>> converting
>>> between JWK instances and the standard Java types for representing
>> keys.
>>> My reading of the spec is that the established Java DHPublicKey
>>>
>> <https://docs.oracle.com/javase/7/docs/api/javax/crypto/interfaces/DHPublicKey.html>
>> /
>>> DHPrivateKey
>> <https://docs.oracle.com/javase/7/docs/api/javax/crypto/interfaces/DHPrivateKey.html>
>>> interfaces would be the best match for the proposed "OKP" JWK. Does
>> this make sense?
>>
>> Hi Vladimir,
>>
>> Is your goal to eventually make this a part of standard java?
> For now I just want to figure out how these algs can be implemented in
> Java, and if it's possible to do that in a way that fits established
> interfaces, frameworks and conventions. The representation of the keys
> is one aspect of that.
>
> Making this part of standard Java is a serious commitment. I'm not ready
> and qualified to go that far :) I'm not familiar with the standard
> making process either.
>
>> I would be interested in cooperating on a OpenJDK contribution.
>>
>> Regardless of that my experiences with named EC curves in Java
>> (without BouncyCastle installed) would speak against reusing DH*
>> since there is no place for "crv" (or whatever it will be called...)
>> and "x" is called Y.
>>
>> https://docs.oracle.com/javase/7/docs/api/javax/crypto/spec/DHPublicKeySpec.html
>>
>>
>> I would therefore consider starting with a new key type (OKP*).
>
> How would you name this?

I would name keys OKPPrivateKey and OKPPublicKey which in turn
would extend PrivateKey and PublicKey respectively as well as a new type OKPKey.

  In Java, as opposed to JWK, the public and
> private parts are represented separately. "octet" qualifies the
> encoding,

The encoding is actually quite a problem since JCE [more or less] builds
on PKCS #8 for private keys and SPKI for public keys and these are not
(yet) standardized.  Yes, the Java KeyStore won't work either until there
is a working PKCS #12 which I believe builds on PKCS #8 and X.509/SPKI.
However, using JWK you could create a public key like:

KeyFactory.getInstance("OKP").generatePublic(new OKPPublicKeySpec(curve, x));
where curve would be a String and x byte[]

Reusing DH may be possible but I think it creates more problems than it solves :-)

OTOH, the more I think of it...I wonder if it is not better simply creating
concrete classes for OKPPublicKey and OKPPrivateKey rather than interfaces and
not bother about JCE at this early stage:

OKPPublicKey publicKey = new OKPPublicKey(curve,x);

if (myKey instanceof OKPKey) {
   // run special code
} else {
   // use JCE
}

Anders

> and because of this I'm not sure it should be part of the
> class name. EdCPublicKey / EdCPrivateKey? (EdC = Edwards-Curve)




>
>
>>
>> If something "standard-ish" is the target, I would try to get some
>> feedback on an early proposal.
>>
>> Regards,
>> Anders
>>
>>>
>>> The current JWK types map as follows:
>>>
>>>    * "OCT" JWKs map to / from javax.crypto.SecretKey
>>>
>>>    * "RSA" JWKs map to / from
>>> java.security.interfaces.RSA{Public|Private}Key
>>>
>>>    * "EC" JWKs map to / from
>>> java.security.interfaces.EC{Public|Private}Key
>>>
>>>
>>> Can you recommend Java implementations of the new algs? I'm looking
>>> for a good place to start in order to add support for them in JOSE.
>>>
>>> Thanks,
>>>
>>> Vladimir
>>>
>>> --
>>> Vladimir Dzhuvinov
>>>
>>>
>>>
>>> _______________________________________________
>>> jose mailing list
>>> jose@ietf.org
>>> https://www.ietf.org/mailman/listinfo/jose
>>>
>>
>