Re: [OAUTH-WG] [OT] Validation of JWE spec Appendix 1
Brian Campbell <bcampbell@pingidentity.com> Sat, 03 May 2014 13:37 UTC
Return-Path: <bcampbell@pingidentity.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4CDC41A00C0 for <oauth@ietfa.amsl.com>; Sat, 3 May 2014 06:37:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.578
X-Spam-Level:
X-Spam-Status: No, score=-3.578 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=unavailable
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NtZJjiGSjxHA for <oauth@ietfa.amsl.com>; Sat, 3 May 2014 06:37:24 -0700 (PDT)
Received: from na3sys009aog114.obsmtp.com (na3sys009aog114.obsmtp.com [74.125.149.211]) by ietfa.amsl.com (Postfix) with ESMTP id 52EAD1A00B6 for <oauth@ietf.org>; Sat, 3 May 2014 06:37:24 -0700 (PDT)
Received: from mail-ie0-f170.google.com ([209.85.223.170]) (using TLSv1) by na3sys009aob114.postini.com ([74.125.148.12]) with SMTP ID DSNKU2TxEeXbeU0U2CMe9bznnNedHATJJu0D@postini.com; Sat, 03 May 2014 06:37:22 PDT
Received: by mail-ie0-f170.google.com with SMTP id rd18so6319252iec.29 for <oauth@ietf.org>; Sat, 03 May 2014 06:37:21 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=2f/Bh/jyWZCf0fYO+FwVUqbKOdo6rX+h3skFHpSDWiM=; b=JSgtdm9b5oYPLd44jkjiPxFTJt6nkibjOeLKB+iO1c0VgRVCdiYreBFZ96SratD+pi mKnThho5dZ3QljAKwsL+sGMIQ7JF45Ds2u8VqOoLQTVOB9WR4YOuDfunS5HmwnJw+/A1 qSahxJMlE3oivRl4DWwepFWdUI/RVHDFzSQKTxAtE3Y7anYFZfYXwYs1cedLiqotG8p1 t2LUCxL+AfIkCEQR0oC9sacmb3f/1Ux8QyIneEturdK4PLez4JvCTKvI2EFctf6fViEt /ePx9OWTI5pkwz3OW1HvcqNRw0t6CilTDWIixVoH6s1y8ksOQUjKC0r+qifhdlWwMoH4 9mGA==
X-Gm-Message-State: ALoCoQkpKr8VX5iWrSzQ95aQZ9K6MoZvo/UMrctOtV0Emh7diGBEO1m7r11wnaIDry4rIoqtFg2ZpQdhb1xIlPNaY6C1OtqgNewpctHmaKi11UVp3z/CSyAQbpYBmjMude3KZHzr/FRN
X-Received: by 10.42.136.130 with SMTP id u2mr21852738ict.51.1399124241336; Sat, 03 May 2014 06:37:21 -0700 (PDT)
X-Received: by 10.42.136.130 with SMTP id u2mr21852727ict.51.1399124241184; Sat, 03 May 2014 06:37:21 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.64.240.201 with HTTP; Sat, 3 May 2014 06:36:51 -0700 (PDT)
In-Reply-To: <5363C88E.5070209@gmail.com>
References: <5363C88E.5070209@gmail.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Sat, 03 May 2014 07:36:51 -0600
Message-ID: <CA+k3eCSG8E5918RqiHG5fqLV-gs3kTofuAng6yBM15_rn+35SA@mail.gmail.com>
To: Sergey Beryozkin <sberyozkin@gmail.com>, "jose@ietf.org" <jose@ietf.org>
Content-Type: multipart/alternative; boundary="90e6ba6e8c0664988004f87eff32"
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/DX-E1w2OD3ZLBPxns8_6J8Ubir8
Cc: "<oauth@ietf.org>" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] [OT] Validation of JWE spec Appendix 1
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 03 May 2014 13:37:26 -0000
Hi Sergey, This question might be more appropriate for the JOSE WG [0] list (which I've cc'd) as JWE is being developed there. Some of the algorithms, RSAES OAEP being one of them, are probabilistic encryption schemes which incorporate some element of randomness to yield a different output even when encrypting the same content multiple times. So the behavior you are observing is to be expected. That means that exactly reproducing the various steps of the examples in the specs will not be possible in some cases. I was recently discussing this off list with Matt Miller, the author of the JOSE Cookbook [1], and my suggestion was to have the cookbook just make note of which examples, or which parts of which examples, can't be easily reproduced due to non-deterministic algorithms. I think that your question here suggests that that idea might well provide utility to users/readers of that document. Hope that helps, Brian [0] http://tools.ietf.org/wg/jose/ [1] http://tools.ietf.org/html/draft-ietf-jose-cookbook-02 On Fri, May 2, 2014 at 10:32 AM, Sergey Beryozkin <sberyozkin@gmail.com>wrote: > Hi, > > I'm starting experimenting with JWE, and the 1st thing I wanted to do was > to quickly test the example at [1]. > > Sorry if it is something that is very obvious and off-topic, but I can't > seem to validate the encryption of the content encryption key: I keep > getting a different output every time the test code runs. > > The code is the one that I wrote by 'scraping' the code from all over the > Web but also I see Jose.4.j [3] produces a different output too. > Is it due to the given key properties specified in [1] or it is actually > indeed expected that production at [2] is reproducible ? > > Cheers, Sergey > > [1] http://tools.ietf.org/html/draft-ietf-jose-json-web- > encryption-26#appendix-A.1 > [2] http://tools.ietf.org/html/draft-ietf-jose-json-web- > encryption-26#appendix-A.1.3 > [3] https://bitbucket.org/b_c/jose4j/wiki/Home > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > -- [image: Ping Identity logo] <https://www.pingidentity.com/> Brian Campbell [Enter Title] @ bcampbell@pingidentity.com [image: phone] +1 720.317.2061 Connect with us… [image: twitter logo] <https://twitter.com/pingidentity> [image: youtube logo] <https://www.youtube.com/user/PingIdentityTV> [image: LinkedIn logo] <https://www.linkedin.com/company/21870> [image: Facebook logo] <https://www.facebook.com/pingidentitypage> [image: Google+ logo]<https://plus.google.com/u/0/114266977739397708540> [image: slideshare logo] <http://www.slideshare.net/PingIdentity> [image: flipboard logo] <http://flip.it/vjBF7> [image: rss feed icon]<https://www.pingidentity.com/blogs/> [image: Register for Cloud Identity Summit 2014 | Modern Identity Revolution | 19–23 July, 2014 | Monterey, CA]<https://www.cloudidentitysummit.com/>
- [OAUTH-WG] [OT] Validation of JWE spec Appendix 1 Sergey Beryozkin
- Re: [OAUTH-WG] [OT] Validation of JWE spec Append… Brian Campbell
- Re: [OAUTH-WG] [OT] Validation of JWE spec Append… Sergey Beryozkin
- Re: [OAUTH-WG] [OT] Validation of JWE spec Append… Sergey Beryozkin