Subject: Re: [pkcs11] Groups - GCM and CCM iv/nonce token generated for wrapping v2 uploaded
Hi Jonathan,

Agreed, I noticed I had missed some of the name changes almost as I published it.

(JSH) Nits:

I have updated this already. Not published again as yet.

The mechs in terms of PKCS#11 will use CKM_AES_GCM, and the CCM equivalent for CCM. This was a follow-up from the work items for 3.2, public comments not captured elsewhere that will probably end up in 3.2. See https://wiki.oasis-open.org/pkcs11/3.2WorkItems item 1, “Is there a way for the token to choose the IV internally when wrapping in GCM and CCM”, and PKCS11 states we support CKM_AES_GCM/CCM for wrap/unwrap. This was a clear-up about getting an IV back, an internally generated random IV, and in a FIPS 140-2 level 3 the HSM must supply the IV.

(JSH) Section 1.2.1 states that it can be used to wrap with a public key that supports encryption and decryption? What public key algorithm supports authenticated key wrap?

Agreed: this is incorrect and needs to be removed.

(JSH) Section 1.2.1 states that it can be used to wrap with any secret key? Is that true? Someone can wrap with 3DES or some other key for which there is no authenticated encryption algorithm defined?

Agreed. Needs clarification; again, copy and paste from Wrap and Unwrap in each case, and I need to specialize these to show it is specifically designed for authenticated mechs CKM_AES_GCM/CCM using an AES key.

Thanks for the feedback, not sure I will get this done before the meeting.

Thanks
Hamish

From: Jonathan Schulze-Hewett <schulze-hewett@infoseccorp.com>

Hi Hamish,

Is there a standard or specification that this is intended to help meet? For example, section 4.7 of RFC 7518 defines “Key Encryption with AES GCM” as a JSON Web Algorithm. If so, adding a reference to the standard would be helpful for context. As of now I don’t have a good handle on why I would implement this, which algorithms it would support, etc.

Section 1.2.1 states that it can be used to wrap with a public key that supports encryption and decryption? What public key algorithm supports authenticated key wrap?

Section 1.2.1 states that it can be used to wrap with any secret key? Is that true? Someone can wrap with 3DES or some other key for which there is no authenticated encryption algorithm defined?

Nits:

Sincerely,
Jonathan

From: pkcs11@lists.oasis-open.org <pkcs11@lists.oasis-open.org> On Behalf Of Hamish Cameron