Re: [OAUTH-WG] JWE with A128CBC-HS256

John Bradley <ve7jtb@ve7jtb.com> Fri, 28 March 2014 16:10 UTC

Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 06C6A1A063C for <oauth@ietfa.amsl.com>; Fri, 28 Mar 2014 09:10:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.146
X-Spam-Level:
X-Spam-Status: No, score=-0.146 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FRT_ADOBE2=2.455, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mSz1-FG_fXOn for <oauth@ietfa.amsl.com>; Fri, 28 Mar 2014 09:10:19 -0700 (PDT)
Received: from mail-qa0-f42.google.com (mail-qa0-f42.google.com [209.85.216.42]) by ietfa.amsl.com (Postfix) with ESMTP id 6B8531A0146 for <oauth@ietf.org>; Fri, 28 Mar 2014 09:10:19 -0700 (PDT)
Received: by mail-qa0-f42.google.com with SMTP id k15so5507859qaq.15 for <oauth@ietf.org>; Fri, 28 Mar 2014 09:10:17 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:content-type:mime-version:subject:from :in-reply-to:date:cc:content-transfer-encoding:message-id:references :to; bh=PCL9sLEAQo+ejjx9oXzMdmM9uMhPcIu5T2elQo+Q2CA=; b=i7SFKmOIDNHwXr3+F/Q0A5lJEGQcasHuf3LWzFs6NPA/ShDkmBE0tzptMvIsaTuGgy AJUFJ470UCzDfamlkgQbgXKBNowhkQ2rgE1e7aTIx5aBQB5mqf5pf+Cnw8ptcVO4Apr7 aSr7T81bQMjonWw9pXwAZ4UuX1yx7cQZXYZgOYBIZHW6zNTugom2rkexfWqRSCjQuS7M 3S5HHziVTZ5bXP+55mVrx/DOlPueaYnviQKphUxxdrG1WZgiOc5Sq2HQr++L51n4BEaR 7Lcbnop3oFgvFxtJl9/gu7OC1u4QlspG9FglHtM5hGCBVMwLvnTb6ERxCN9dEjK7DeKT jdCw==
X-Gm-Message-State: ALoCoQmOPE2eiJnmOHk82z0ZoOSJ+InY2Bp5j8rLoI1MfsdTXy5Owasbo+f0b/r70H540cQ8EbqI
X-Received: by 10.224.13.142 with SMTP id c14mr3444573qaa.76.1396023016939; Fri, 28 Mar 2014 09:10:16 -0700 (PDT)
Received: from [192.168.1.216] (190-20-47-194.baf.movistar.cl. [190.20.47.194]) by mx.google.com with ESMTPSA id i95sm1551877qge.5.2014.03.28.09.10.15 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 28 Mar 2014 09:10:16 -0700 (PDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\))
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <E03A5014-EDCB-4E7C-A05B-F474D72D1D0E@adobe.com>
Date: Fri, 28 Mar 2014 13:09:02 -0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <C7692FDB-FAB0-4937-8354-9B2881207D4F@ve7jtb.com>
References: <E03A5014-EDCB-4E7C-A05B-F474D72D1D0E@adobe.com>
To: Antonio Sanso <asanso@adobe.com>
X-Mailer: Apple Mail (2.1874)
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/tgxeXFUrwHiP4QclAJdHZOBLRnA
Cc: "oauth@ietf.org" <oauth@ietf.org>, "jose@ietf.org" <jose@ietf.org>
Subject: Re: [OAUTH-WG] JWE with A128CBC-HS256
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Mar 2014 16:10:21 -0000

This reference may be useful to you. http://tools.ietf.org/html/draft-mcgrew-aead-aes-cbc-hmac-sha2

The part of the spec you need is  http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-24#page-23

We originally used a KDF as you mention.  In order to simplify the alg and align with draft-mcgrew-aead-aes-cbc-hmac-sha2.

K is the concatenation of the AES key and teh HMAC Key.

John B.


On Mar 28, 2014, at 11:19 AM, Antonio Sanso <asanso@adobe.com> wrote:

> hi *,
> 
> in the JWT specification [0] there is an example of a JWE that use A128CBC-HS256 for content encrpyption.
> Now I am not a cryptographer my self but IIUC the same CEK is used for encrypting with AES and authentication HMAC.
> 
> AFAIK is better to use two different keys for those 2 different primitives (this will not obviously apply to AES_GCM).
> 
> Unless I am missing something... :)
> 
> regards
> 
> antonio
> 
> [0] http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-19#appendix-A.1
> [1] http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-24#appendix-A.2
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth