Re: [OAUTH-WG] [OT] Validation of JWE spec Appendix 1

Sergey Beryozkin <sberyozkin@gmail.com> Wed, 07 May 2014 11:16 UTC

Message-ID: <536A15F3.7050203@gmail.com>
Date: Wed, 07 May 2014 12:16:03 +0100
From: Sergey Beryozkin <sberyozkin@gmail.com>
To: Brian Campbell <bcampbell@pingidentity.com>, "jose@ietf.org" <jose@ietf.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/grsBg8UPz3udXUoN5LvNydiyF6c
Cc: "<oauth@ietf.org>" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] [OT] Validation of JWE spec Appendix 1

Sorry for the noise, wanted to point out the fact that
Section A.1.8 explicitly mentions "Note that since the RSAES OAEP 
computation includes random values, the encryption results above will 
not be completely reproducible".

I wish I had read that section first :-)

Thanks all,
Sergey

On 05/05/14 18:08, Sergey Beryozkin wrote:
> Hi Brian
> On 03/05/14 14:36, Brian Campbell wrote:
>> Hi Sergey,
>>
>> This question might be more appropriate for the JOSE WG [0] list (which
>> I've cc'd) as JWE is being developed there.
>>
> Sure, I'll be asking at [0] next time...
>> Some of the algorithms, RSAES OAEP being one of them, are probabilistic
>> encryption schemes which incorporate some element of randomness to yield
>> a different output even when encrypting the same content multiple times.
>> So the behavior you are observing is to be expected.
>>
> I was starting to blame myself for the fact I could not get the code
> producing a match :-)
>> That means that exactly reproducing the various steps of the examples in
>> the specs will not be possible in some cases. I was recently discussing
>> this off list with Matt Miller, the author of the JOSE Cookbook [1], and
>> my suggestion was to have the cookbook just make note of which examples,
>> or which parts of which examples, can't be easily reproduced due to
>> non-deterministic algorithms. I think that your question here suggests
>> that that idea might well provide utility to users/readers of that
>> document.
>>
> +1
>
> Thanks for the help,
> Sergey
>
>> Hope that helps,
>> Brian
>>
>>
>> [0] http://tools.ietf.org/wg/jose/
>> [1] http://tools.ietf.org/html/draft-ietf-jose-cookbook-02
>> On Fri, May 2, 2014 at 10:32 AM, Sergey Beryozkin <sberyozkin@gmail.com
>> <mailto:sberyozkin@gmail.com>> wrote:
>>
>>     Hi,
>>
>>     I'm starting to experiment with JWE, and the 1st thing I wanted to
>>     do was to quickly test the example at [1].
>>
>>     Sorry if it is something that is very obvious and off-topic, but I
>>     can't seem to validate the encryption of the content encryption key:
>>     I keep getting a different output every time the test code runs.
>>
>>     The code is the one that I wrote by 'scraping' the code from all
>>     over the Web but also I see Jose.4.j [3] produces a different output
>>     too.
>>     Is it due to the given key properties specified in [1] or is it
>>     actually indeed expected that production at [2] is reproducible?
>>
>>     Cheers, Sergey
>>
>>     [1] http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-26#appendix-A.1
>>     [2] http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-26#appendix-A.1.3
>>     [3] https://bitbucket.org/b_c/jose4j/wiki/Home
>>
>
>