Re: [jose] Platform Support for JWA Crypto Algorithms
Axel Nennker <ignisvulpis@gmail.com> Mon, 29 October 2012 23:41 UTC
Maybe that is the way to go then:

In http://tools.ietf.org/id/draft-ietf-jose-json-web-algorithms simply state there that the CIK is

CIK = SHA256(0, 0, 0, 1, CMK, 0, 0, 1, 0, 65, 49, 57, 50, 67, 66, 67, 43, 72, 83, 50, 53, 54, 73, 110, 116, 101, 103, 114, 105, 116, 121)[0-255]

CEK = SHA256(0, 0, 0, 1, CMK, 0, 0, 1, 0, 65, 50, 53, 54, 67, 66, 67, 43, 72, 83, 50, 53, 54, 69, 110, 99, 114, 121, 112, 116, 105, 111, 110)[0-255]

Similar for SHA512.

General rule: use a digest that produces enough or more bits as needed for the cik or cek.

NOTE (non normative) that this happens to be the same as the concat KDF as defined in NIST.800-56A for the given bit lengths

Axel

2012/10/29 Mike Jones <Michael.Jones@microsoft.com>

> The "PB" in PBKDF2 is "Password Based". This and related KDFs generate keys from passwords rather than other keys, and so are not applicable for this use case.
>
> For lack of a commonly implemented key-based KDF, we chose a very simple one that only requires support for SHA-256 and SHA-512 to build for our use cases. (Heck, for our use cases, implementations don't even require a loop - just a single hash calculation over the input.) I already know of 5 interoperable implementations at this point. It's just not that hard.
>
> See the example calculations in http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-06#appendix-A.4 and http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-06#appendix-A.5 to see how simple it actually is.
>
> -- Mike
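The byte layout in the message above, worked through as an added example (not code from the message, the thread or the drafts): it computes the single-hash form and compares it with a general Concat KDF loop, including the case where the digest is shorter than the requested key. Assumptions: the function names are hypothetical, `SAMPLE_CMK` is a constructed value, and the bytes following the CMK are treated as the KDF's OtherInfo.

```python
import hashlib
import struct

# Byte values copied from the message; the comments give their ASCII decoding.
ENC_CIK = bytes([65, 49, 57, 50, 67, 66, 67, 43, 72, 83, 50, 53, 54])  # A192CBC+HS256
ENC_CEK = bytes([65, 50, 53, 54, 67, 66, 67, 43, 72, 83, 50, 53, 54])  # A256CBC+HS256
LABEL_CIK = bytes([73, 110, 116, 101, 103, 114, 105, 116, 121])        # Integrity
LABEL_CEK = bytes([69, 110, 99, 114, 121, 112, 116, 105, 111, 110])    # Encryption

# Constructed 32-byte sample CMK, not a value from the drafts.
SAMPLE_CMK = bytes(range(32))


def other_info(bits, enc, label):
    """Bytes after the CMK: 32-bit big-endian key length, enc name, label.
    Treating this whole suffix as OtherInfo is an assumption of the example."""
    return struct.pack(">I", bits) + enc + label


def single_hash_key(cmk, bits, enc, label, digest=hashlib.sha256):
    """One hash over counter 1 || CMK || suffix, as written in the message.
    bits must be a multiple of 8 and no larger than the digest size."""
    h = digest(b"\x00\x00\x00\x01" + cmk + other_info(bits, enc, label))
    if bits > h.digest_size * 8:
        raise ValueError("digest too short for the requested key length")
    return h.digest()[: bits // 8]


def concat_kdf(z, bits, info, digest=hashlib.sha256):
    """General Concat KDF loop: K(i) = H(counter_i || Z || OtherInfo),
    with counter_i a 32-bit big-endian integer starting at 1."""
    hash_bits = digest().digest_size * 8
    rounds = -(-bits // hash_bits)  # ceiling division
    out = b"".join(
        digest(struct.pack(">I", i) + z + info).digest()
        for i in range(1, rounds + 1)
    )
    return out[: bits // 8]


if __name__ == "__main__":
    cek = single_hash_key(SAMPLE_CMK, 256, ENC_CEK, LABEL_CEK)
    looped = concat_kdf(SAMPLE_CMK, 256, other_info(256, ENC_CEK, LABEL_CEK))
    print("single hash equals one-round Concat KDF:", cek == looped)
```

When the requested length exceeds the digest size (512 bits from SHA-256), `single_hash_key` refuses and `concat_kdf` needs a second round, which is the case the "enough or more bits" rule avoids.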