Subject: Re: [kmip] DSA parameter generation


You would need to propose adding the following into Cryptographic Domain Parameters - and such proposals should be presented to the list. Currently this cannot be done in KMIP.

P    Big Integer    Yes
Q    Big Integer    Yes
G    Big Integer    Yes

On Wed, Dec 5, 2018 at 10:30 PM Conrado Gouvêa <conradoplg@kryptus.com> wrote:
Dear Judy, Tony & others,

We're working on a general-purpose HSM, and this issue was raised in the FIPS validation process.
But it makes sense for some applications to avoid the expensive parameter generation process, and use a single set of parameters for all key pairs.

From what I understand, the current usage is:

* CreateKeyPair
  * Input: QLength
  * Generate a set of parameters, generate a key pair
  * Output: key pair, each key including the DSA parameters (P, Q, G)

While what we thought about would be:

* CreateKeyPair:
  * Input: P, Q, G (DSA parameters)
  * Generate a key pair for these parameters
  * Output: key pair

This would also require another operation to generate the DSA parameters, or to simply create a dummy key pair passing just QLength, which would trigger the old behaviour (generate both parameters and key pair), then discard the key pair; kind of cumbersome, though.

Thank you,


Conrado Gouvêa
Software Developer

+55 (19) 3112-5000
conradoplg@kryptus.com

www.kryptus.com





On Thu, Oct 25, 2018 at 12:56, Furlong, Judith <Judith.Furlong@dell.com> wrote:

Conrado

Our apologies for our very slow response to your email.

To better answer your question could you please provide us with a bit more context of the use case where you are using the DSA keys and which KMIP Operations you want to use?


Thanks


Judy Furlong & Tony Cox

OASIS KMIP TC Co-Chairs

From: kmip@lists.oasis-open.org [mailto:kmip@lists.oasis-open.org] On Behalf Of Conrado Gouvêa
Sent: Thursday, September 6, 2018 12:47 PM
To: kmip@lists.oasis-open.org
Subject: [kmip] DSA parameter generation

Hi everyone,

The usual way to work with DSA is that you generate a set of parameters of a given size, and then generate a key pair for the given parameters.


However, it seems that this is not possible through KMIP - there is only the Qlength parameter for the key generation, which seems to imply that in key generation a set of parameters is generated, and then a key pair is generated for these parameters, i.e. there is no way to generate a key pair for a set of given parameters.


Is this interpretation correct? If it is, shouldn't there be a way to do that with KMIP?


Thank you,


Conrado Gouvêa

Software Developer

+55 (19) 3112-5000
conradoplg@kryptus.com

www.kryptus.com
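
The second flow discussed in this thread (key pair generation for caller-supplied P, Q, G) is sketched below as an added example; it is not code from the KMIP specification or from any participant. The function names are hypothetical, and the toy parameters are constructed for illustration and far too small for real use. It shows the check a server would want before accepting supplied domain parameters.

```python
import secrets

def is_probable_prime(n, rounds=40):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2      # random base in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                      # base a witnesses compositeness
    return True

def validate_domain_parameters(p, q, g):
    """Reject caller-supplied (P, Q, G) that do not define a prime-order subgroup."""
    if not (is_probable_prime(p) and is_probable_prime(q)):
        raise ValueError("P and Q must be prime")
    if (p - 1) % q != 0:
        raise ValueError("Q must divide P - 1")
    # With Q prime, G != 1 and G^Q = 1 mod P means G has order exactly Q.
    if not (1 < g < p) or pow(g, q, p) != 1:
        raise ValueError("G must generate the order-Q subgroup")

def create_key_pair(p, q, g):
    """Hypothetical CreateKeyPair taking P, Q, G: returns (private x, public y)."""
    validate_domain_parameters(p, q, g)
    x = secrets.randbelow(q - 1) + 1          # private key in [1, q-1]
    y = pow(g, x, p)                          # public key y = g^x mod p
    return x, y

# Constructed toy parameters (NOT secure): 23 - 1 = 2 * 11, and 4 = 2^2 mod 23.
TOY_P, TOY_Q, TOY_G = 23, 11, 4
```

Calling `create_key_pair(TOY_P, TOY_Q, TOY_G)` repeatedly yields independent key pairs that all share one parameter set, which is the usage the thread asks for.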
