pkcs11-comment message

Subject: Re: [pkcs11-comment] Invitation to comment on four PKCS #11 specifications - ends July 6th



Hi!

On 06/06, Paul Knight wrote:
> OASIS members and other interested parties,
>
> OASIS and the OASIS PKCS 11 TC are pleased to announce that four PKCS #11
> specifications are now available for public review and comment:
> PKCS #11 Cryptographic Token Interface Base Specification Version 3.0
> PKCS #11 Cryptographic Token Interface Profiles Version 3.0
> PKCS #11 Cryptographic Token Interface Current Mechanisms Specification
> Version 3.0
> PKCS #11 Cryptographic Token Interface Historical Mechanisms Specification
> Version 3.0
> [..]
> The public review starts 7 June 2019 at 00:00 UTC and ends 6 July 2019 at
> 23:59 UTC.

The mechanisms CKM_AES_GCM and CKM_AES_CCM are vulnerable to two-pad
attacks unless IVs are generated internally. The new EncryptMessage
interface allows the token to set the IVs and communicate them. But
these mechanisms may also be used for Wrap and Unwrap (p. 103, Current
Mechanisms Specification). See also the thread from (Jun 27 2018).

Is there any way a token can choose the IV internally when wrapping? If
not, are there any plans to add them in the future?

With kind regards, Robert Künnemann
--
Robert Künnemann, Ph.D. | Postdoctoral researcher
CISPA Helmholtz Center for Information Security
Room 2.12, Stuhlsatzenhaus 5, Saarland Informatics Campus, 66123 Saarbrücken Phone: +49 681 302 70962
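
The message above asks whether the token can pick the IV itself when wrapping with CKM_AES_GCM or CKM_AES_CCM. The Python below is an added example, not part of the original message or of any PKCS #11 interface: it models a gate in front of wrap calls that generates a unique 96-bit IV per wrapping key and rejects a caller-supplied IV already used under that key. The class `WrapIvPolicy`, its method names, `device_id`, and the IV layout (4-byte fixed field followed by a 64-bit counter, in the style of the deterministic construction in NIST SP 800-38D) are assumptions made for illustration.

```python
import struct

# Mechanisms the message names as unsafe under IV reuse.
IV_SENSITIVE = {"CKM_AES_GCM", "CKM_AES_CCM"}


class IvReuseError(Exception):
    """Raised when a wrap request would repeat an IV under the same key."""


class WrapIvPolicy:
    """Hypothetical gate in front of wrap calls; not a PKCS #11 interface."""

    def __init__(self, device_id: bytes):
        if len(device_id) != 4:
            raise ValueError("device_id must be 4 bytes")
        self.device_id = device_id      # fixed field of the 96-bit IV
        self._counter = {}              # key handle -> next invocation counter
        self._used = {}                 # key handle -> IVs already consumed

    def iv_for_wrap(self, key_handle, mechanism, caller_iv=None):
        """Return the IV to use, generating one when the caller gives none."""
        if mechanism not in IV_SENSITIVE:
            return caller_iv            # out of scope for this policy
        used = self._used.setdefault(key_handle, set())
        if caller_iv is None:
            iv = self._generate(key_handle, used)
        else:
            iv = bytes(caller_iv)
            if iv in used:
                raise IvReuseError(f"IV {iv.hex()} already used with key {key_handle}")
        used.add(iv)
        return iv

    def _generate(self, key_handle, used):
        # Fixed field || 64-bit counter; skip values a caller already consumed.
        while True:
            n = self._counter.get(key_handle, 0)
            if n >= 1 << 64:
                raise IvReuseError("IV counter exhausted; rotate the wrapping key")
            self._counter[key_handle] = n + 1
            iv = self.device_id + struct.pack(">Q", n)
            if iv not in used:
                return iv
```

The IV returned by `iv_for_wrap` has to be stored or transmitted with the wrapped key, since unwrapping needs the same value.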
