[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [pkcs11] Groups - RSA/ECC key agreement - update 1 uploaded
Hi Jonathan, RFC5990 seems to be similar to SP800-56B RSASVE.Generate/Recover, but the actual key agreement also requires SP800-56B KAS1-basic (at least), which includes an nonce. Is this nonce the
pSharedData in CK_RSA_KEM_PARAMS? The NIST spec specifies a protocol in section 8.2.2 (figure 6) where the nonce is retrieved in a 2nd step. Therefore, it cannot be part of the parameter. Would it still be
compliant if a pubkey and the nonce are retrieved at once and the shared secret is generated in one step? However, we have only created a shared secret now and have to use it in a hybrid key-transport scheme (SP800-56B section 9.3). In a protocol, sending the wrapped key would be the last
step since the transport key is already established. However, the goal of the CKM_RSA_AES_KEY_WRAP mechanism was to have an implicit protocol combining the encrypted transport key and the key wrapped with the transport key. CSPs are using it in that way (https://docs.microsoft.com/en-gb/azure/key-vault/keys/byok-specification).
This would not be possible with CKM_RSA_KEM. Also, it seems that CKM_RSA_AES_KEY_WRAP is the same as SP800-56B KTS-OAEP (section 9.2). Therefore, just for compliance reasons there is no need for a new RSA-based key wrapping mechanism. The CKM_ECDH1_ONE_PASS_DERIVE mechanism is doing exactly the same as the first two steps of the CKM_ECDH_AES_KEY_WRAP mechanism. The actual key transport part is left as exercise to
the user. And therefore, it does not solve the original problem that we had with CKM_ECDH_AES_KEY_WRAP: defining a structure combining the public EC key and the wrapped key in such a way that both parts can be split unambiguously and the key can be unwrapped. So, my overall conclusion would be that we don’t need these mechanisms and we still need to solve the CKM_ECDH_AES_KEY_WRAP problem. Regards, Daniel From: pkcs11@lists.oasis-open.org <pkcs11@lists.oasis-open.org>
On Behalf Of Jonathan Schulze-Hewett Submitter's message
Utimaco IS GmbH Germanusstr. 4, D.52080 Aachen, Germany, Tel: +49-241-1696-0, www.utimaco.com Seat: Aachen – Registergericht Aachen HRB 18922 VAT ID No.: DE 815 496 496 Managementboard: Stefan Auerbach (Chairman) CEO, Malte Pollmann CSO, Martin Stamm CFO This communication is confidential. If you are not the intended recipient, any use, interference with, disclosure or copying of this material is unauthorised and prohibited. Please inform us immediately and destroy the email. |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]