Re: [OAUTH-WG] [OT] Validation of JWE spec Appendix 1

[Sergey Beryozkin <sberyozkin@gmail.com>]

Hi Brian
On 03/05/14 14:36, Brian Campbell wrote:
> Hi Sergey,
>
> This question might be more appropriate for the JOSE WG [0] list (which
> I've cc'd) as JWE is being developed there.
>
Sure, I'll be asking at [0] next time...
> Some of the algorithms, RSAES OAEP being one of them, are probabilistic
> encryption schemes which incorporate some element of randomness to yield
> a different output even when encrypting the same content multiple times.
> So the behavior you are observing is to be expected.
>
I was starting blaming myself for the fact I could not get the code 
producing a match :-)
> That means that exactly reproducing the various steps of the examples in
> the specs will not be possible in some cases. I was recently discussing
> this off list with Matt Miller, the author of the JOSE Cookbook [1], and
> my suggestion was to have the cookbook just make note of which examples,
> or which parts of which examples, can't be easily reproduced due to
> non-deterministic algorithms. I think that your question here suggests
> that that idea might well provide utility to users/readers of that document.
>
+1

Thanks for the help,
Sergey

> Hope that helps,
> Brian
>
>
> [0] http://tools.ietf.org/wg/jose/
> [1] http://tools.ietf.org/html/draft-ietf-jose-cookbook-02
>
>
>
>
>
>
> On Fri, May 2, 2014 at 10:32 AM, Sergey Beryozkin <sberyozkin@gmail.com
> <mailto:sberyozkin@gmail.com>> wrote:
>
>     Hi,
>
>     I'm starting experimenting with JWE, and the 1st thing I wanted to
>     do was to quickly test the example at [1].
>
>     Sorry if it is something that is very obvious and off-topic, but I
>     can't seem to validate the encryption of the content encryption key:
>     I keep getting a different output every time the test code runs.
>
>     The code is the one that I wrote by 'scraping' the code from all
>     over the Web but also I see Jose.4.j [3] produces a different output
>     too.
>     Is it due to the given key properties specified in [1] or it is
>     actually indeed expected that production at [2] is reproducible ?
>
>     Cheers, Sergey
>
>     [1]
>     http://tools.ietf.org/html/__draft-ietf-jose-json-web-__encryption-26#appendix-A.1
>     <http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-26#appendix-A.1>
>     [2]
>     http://tools.ietf.org/html/__draft-ietf-jose-json-web-__encryption-26#appendix-A.1.3
>     <http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-26#appendix-A.1.3>
>     [3] https://bitbucket.org/b_c/__jose4j/wiki/Home
>     <https://bitbucket.org/b_c/jose4j/wiki/Home>
>
>     _________________________________________________
>     OAuth mailing list
>     OAuth@ietf.org <mailto:OAuth@ietf.org>
>     https://www.ietf.org/mailman/__listinfo/oauth
>     <https://www.ietf.org/mailman/listinfo/oauth>
>
>
>
>
> --
> Ping Identity logo <https://www.pingidentity.com/> 	
> Brian Campbell
> [Enter Title]
> @ 	bcampbell@pingidentity.com <mailto:bcampbell@pingidentity.com>
> phone 	+1 720.317.2061 <tel:%2B1%20720.317.2061>
> Connect with us…
> twitter logo <https://twitter.com/pingidentity> youtube logo
> <https://www.youtube.com/user/PingIdentityTV> LinkedIn logo
> <https://www.linkedin.com/company/21870> Facebook logo
> <https://www.facebook.com/pingidentitypage> Google+ logo
> <https://plus.google.com/u/0/114266977739397708540> slideshare logo
> <http://www.slideshare.net/PingIdentity> flipboard logo
> <http://flip.it/vjBF7> rss feed icon <https://www.pingidentity.com/blogs/>
>
> Register for Cloud Identity Summit 2014 | Modern Identity Revolution |
> 19–23 July, 2014 | Monterey, CA <https://www.cloudidentitysummit.com/>
>
>