[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Wrapping/unwrapping private keys
Hi, First, I tried to email this comment in June, but it did not appear to go through. I apologize if this results in a double commit of the comment. in PKCS#11 v3.0 section 2.7 it is described how private key should be encoded and then encrypted. Currently it states that this encryption must be done using CBC with PKCS padding. I assume this content is mostly left over from older versions of the standard as there are other mechanisms in the standard that are suitable for wrapping private keys... and far more suitable than CBC_PAD. I have a few thoughts on this section. My preference would be for (2) or (3) below, but that just my suggestion. 1) Should this section be updated so that it lists all mechanisms that support padding/de-padding as part of the mechanism. For example: GCM CCM AES_KEY_WRAP_PAD AES_KEY_WRAP_KWP Other CBC_PAD mechanisms? Are there other mechanisms of this nature that should also be added here? 2) Should the description be modified to be more generic and state that only mechanisms that support padding/de-padding are allowed? This would allow us to keep a simple explanation that would not need to be updated over time as mechanisms are added/removed. 3) Or should we refine the list to promote/support best practice and industry standard? For example, remove CBC_PAD and only promote the use of AEAD mechanisms or other mechanisms that included integrity. For example: GCM CCM AES_KEY_WRAP_KWP Thanks Darren
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]