OASIS Mailing List Archives

Subject: Re: [kmip] EtM and MtE Wrapping Methods


Hi Judith,

Thank you. Unfortunately, the usage guide only covers encrypt-only and MAC-only scenarios.

Best regards,

Conrado Gouvêa
Software Developer

+55 (19) 3112-5000
conradoplg@kryptus.com

www.kryptus.com





On Wed, 24 Jul 2019 at 19:36, <Judith.Furlong@dell.com> wrote:

Conrado,


There are a number of wrapped key examples included in the KMIP 1.4 Usage Guide which may help to address some of your questions. Please see section 4.2 in the KMIP 1.4 Usage Guide (http://docs.oasis-open.org/kmip/ug/v1.4/kmip-ug-v1.4.docx).


Judy


Judith Furlong

Distinguished Engineer

Lead Security Technologist

Dell EMC | Office of the CTO

Office: +1-774-350-6287

Judith.Furlong@dell.com


From: kmip@lists.oasis-open.org <kmip@lists.oasis-open.org> On Behalf Of Conrado Gouvêa
Sent: Wednesday, July 24, 2019 10:16 AM
To: kmip@lists.oasis-open.org
Subject: [kmip] EtM and MtE Wrapping Methods


Hi everyone,

In KMIP 1.4, there are two Wrapping Methods that I believe are not precisely specified:

- Encrypt then MAC/sign.
- MAC/sign then encrypt.

AFAIK there aren't any test cases with those methods.

What exactly is Encrypt then MAC/sign (for symmetric crypto)?


It looks like it should compute C = Enc(IV, Msg), then T = MAC(C), return C as wrapped data and T in MAC/Signature. (Though it's not really explicitly defined...)
However, that is unsafe: we need to MAC the IV too, so it should be T = MAC(IV + C).
(see https://crypto.stackexchange.com/questions/24353/encrypt-then-mac-do-i-need-to-authenticate-the-iv )

What exactly is MAC/sign then encrypt (for symmetric crypto)?


It looks like it should compute T = MAC(Msg), then C = Enc(IV, Msg), return C as wrapped data and T in MAC/Signature. (Though also not explicitly defined...)
However, that is actually Encrypt and MAC, a totally different method. It should be C = Enc(IV, Msg + T), and then MAC/Signature would not be present.

For asymmetric crypto, Encrypt then Sign should be simple, but Sign then Encrypt falls into the same issue. If the signature isn't encrypted, then it's actually Encrypt and Sign.

So, what is the correct interpretation? Am I missing something?

Thanks!


Conrado Gouvêa

Software Developer

+55 (19) 3112-5000
conradoplg@kryptus.com

www.kryptus.com



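The two readings Conrado contrasts above, worked as an added example (not code from the thread, the KMIP specification or the Usage Guide): Encrypt-then-MAC with the tag computed over IV + C versus over C alone, and MAC-then-encrypt with the tag carried inside the wrapped data so no separate MAC/Signature field exists. The cipher is a constructed HMAC-based keystream standing in for the real block-cipher mode, and the keys, IV and message are constructed sample values.

```python
import hmac
import hashlib

# Constructed stand-in for the block-cipher mode a KMIP server would use:
# a CTR-style keystream derived as HMAC-SHA256(key, IV || counter). It exists
# only so the example runs offline; the point is what the MAC covers.
def _keystream_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hmac.new(key, iv + (off // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)

def wrap_etm(enc_key, mac_key, iv, msg, mac_covers_iv=True):
    """Encrypt then MAC: the tag travels in the separate MAC/Signature field."""
    c = _keystream_xor(enc_key, iv, msg)
    t = hmac.new(mac_key, (iv + c) if mac_covers_iv else c, hashlib.sha256).digest()
    return {"iv": iv, "wrapped": c, "mac": t}

def unwrap_etm(enc_key, mac_key, blob, mac_covers_iv=True):
    """Returns the plaintext, or None if the tag does not verify."""
    covered = (blob["iv"] + blob["wrapped"]) if mac_covers_iv else blob["wrapped"]
    expect = hmac.new(mac_key, covered, hashlib.sha256).digest()
    if not hmac.compare_digest(expect, blob["mac"]):
        return None
    return _keystream_xor(enc_key, blob["iv"], blob["wrapped"])

def wrap_mte(enc_key, mac_key, iv, msg):
    """MAC then encrypt: the tag is appended to the message before encryption,
    so the wrapped data carries it and no MAC/Signature field is sent."""
    t = hmac.new(mac_key, msg, hashlib.sha256).digest()
    return {"iv": iv, "wrapped": _keystream_xor(enc_key, iv, msg + t)}

def unwrap_mte(enc_key, mac_key, blob):
    pt = _keystream_xor(enc_key, blob["iv"], blob["wrapped"])
    msg, t = pt[:-32], pt[-32:]
    if not hmac.compare_digest(hmac.new(mac_key, msg, hashlib.sha256).digest(), t):
        return None
    return msg

def flipped_iv(blob):
    """Copy of a wrapped blob whose IV had one bit changed in transit."""
    iv = bytearray(blob["iv"]); iv[0] ^= 0x01
    return dict(blob, iv=bytes(iv))

# Constructed sample keys, IV and the key material being wrapped.
ENC_KEY, MAC_KEY = b"K" * 32, b"M" * 32
IV = bytes(range(16))
MSG = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
```

With the tag over IV + C, `unwrap_etm` rejects a blob from `flipped_iv`; with the tag over C alone it verifies and hands back wrong key material, which is exactly the failure Conrado points out. In a real CBC wrapping the damage would be confined to the first plaintext block rather than scrambling the whole output as this toy keystream does.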
