Re: Using CONCAT and ECDH

On 2014-10-08 17:13, Mark Watson wrote:
> Surely you should change this:
>
> crypto.subtle.deriveKey(__derive_alg, key_pair.privateKey, {name: 'AES-CBC', length: 256}, false, ['encrypt']).then (function(aes_key)
>
> to this:
>
> crypto.subtle.deriveKey(__derive_alg, key_pair.privateKey, {name: 'CONCAT'}, false, ['deriveKey']).then (function(concat_key)
>
> var concat_params = { name: 'CONCAT', hash: 'SHA-1', algorithmId: ..., partyUInfo: ..., partyVInfo: ... };
> crypto.subtle.deriveKey(concat_params, concat_key, {name: 'AES-CBC', length: 256}, false, ['encrypt']).then (function(aes_key)
>
> ?

Wow!  This looks great, albeit a bit puzzling for a Java guy :-)

The first deriveKey only runs the ECDH primitive (generating Z) but marks the result as a CONCAT key?

Future users of WebCrypto will surely look for answers at stacktrace.com because the specification is not very easy to interpret for programmers.
A user's guide would be an excellent addition to this work.  There is one for XML Schema and it was my life-saver!

thanx,
Anders


>
> ...Mark
>
> On Wed, Oct 8, 2014 at 7:45 AM, Richard Barnes <rlb@ipv.sx> wrote:
>
>     On Wed, Oct 8, 2014 at 10:36 AM, Ryan Sleevi <sleevi@google.com> wrote:
>
>
>         On Oct 8, 2014 10:22 AM, "Anders Rundgren" <anders.rundgren.net@gmail.com> wrote:
>          >
>          > Dear List;
>          > I'm not particularly up-to-speed on the WebCrypto API but I at least got this working fairly quickly:
>          >
>          > // Generate ephemeral ECDH key-pair
>          > var gen_alg = {name: 'ECDH', namedCurve: selected_card.bank_encryption_key.crv};
>          > crypto.subtle.generateKey(gen_alg, false, ['deriveKey']).then (function(key_pair) {
>          >
>          > // Import static ECDH key
>          > crypto.subtle.importKey('jwk', selected_card.bank_encryption_key, {name: 'ECDH'}, false, ['deriveKey']).then (function(public_key) {
>          >
>          > // Derive key using ECDH
>          > var derive_alg = {name: 'ECDH', public: public_key};
>          > crypto.subtle.deriveKey(derive_alg, key_pair.privateKey, {name: 'AES-CBC', length: 256}, false, ['encrypt']).then (function(aes_key) {
>          >
>          > // Encrypt using derived key
>          > var encryption_algorithm = { name: 'AES-CBC',  iv: window.crypto.getRandomValues(new Uint8Array(16))};
>          > crypto.subtle.encrypt(encryption_algorithm, aes_key, signed_auth_data).then (function(encrypted_auth_data) {
>          >
>          > Naturally I wanted to use a KDF as well but then it got a bit less obvious how to do it.
>          > There is no support for deriveKey and CONCAT?
>          >
>          > So the proper solution is to deriveBits() and then import() the raw secret for usage with symmetric encryption algorithms?
>          >
>          > Pardon me if I'm totally off, WebCrypto is quite different to JCA/JCE which is my primary tool...
>          >
>          > Cheers
>          > Anders
>          >
>          >
>
>         "Derive bits" is the description of the internal algorithm used to support both the deriveKey and deriveBits API surface.
>
>         So you can use deriveKey
>
>     However, Anders is correct that there's no support for Concat right now (AFAIK).  You should be able to polyfill with digest, though, if you really need it.  You'll just have to export the secret from ECDH (or just use deriveBits).
>
>     --Richard
>
>

Received on Wednesday, 8 October 2014 16:02:24 UTC
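
The route suggested in the thread (take the raw ECDH secret with deriveBits, then polyfill Concat with digest), written out as an added example that is not code from any of the posters or from the WebCrypto specification. `concatKdf` and `deriveAesKey` are hypothetical helper names, and `otherInfo` is assumed to be the caller's already-encoded AlgorithmID, PartyUInfo and PartyVInfo bytes.

```javascript
// Added example: NIST SP 800-56A single-step (Concat) KDF built on
// crypto.subtle.digest, fed from ECDH deriveBits. Helper names are hypothetical.
const subtle = (globalThis.crypto || require('node:crypto').webcrypto).subtle;

// 32-bit big-endian encoding of the round counter.
const u32 = n => new Uint8Array([n >>> 24, n >>> 16, n >>> 8, n]);

function concatBytes(...parts) {
  const out = new Uint8Array(parts.reduce((n, p) => n + p.length, 0));
  let off = 0;
  for (const p of parts) { out.set(p, off); off += p.length; }
  return out;
}

// K = H(counter || Z || otherInfo) for counter = 1, 2, ... truncated to keyBits.
async function concatKdf(z, otherInfo, keyBits, hash = 'SHA-256') {
  const hashLen = { 'SHA-1': 20, 'SHA-256': 32, 'SHA-384': 48, 'SHA-512': 64 }[hash];
  if (!hashLen) throw new Error('unsupported hash: ' + hash);
  if (keyBits <= 0 || keyBits % 8) throw new Error('keyBits must be a positive multiple of 8');
  const rounds = Math.ceil(keyBits / 8 / hashLen);
  const blocks = [];
  for (let counter = 1; counter <= rounds; counter++) {
    const input = concatBytes(u32(counter), z, otherInfo);
    blocks.push(new Uint8Array(await subtle.digest(hash, input)));
  }
  return concatBytes(...blocks).slice(0, keyBits / 8);
}

// ECDH primitive (Z) -> Concat KDF -> non-extractable AES-CBC key.
// privateKey must carry the 'deriveBits' usage; 256 bits of Z assumes P-256.
async function deriveAesKey(privateKey, publicKey, otherInfo, hash = 'SHA-256') {
  const z = new Uint8Array(
    await subtle.deriveBits({ name: 'ECDH', public: publicKey }, privateKey, 256));
  const raw = await concatKdf(z, otherInfo, 256, hash);
  z.fill(0);                       // best-effort wipe of the shared secret copy
  const key = await subtle.importKey('raw', raw, { name: 'AES-CBC' }, false,
                                     ['encrypt', 'decrypt']);
  raw.fill(0);                     // the imported key keeps its own copy
  return key;
}
```

Both parties must feed byte-identical `otherInfo` into the KDF, otherwise they end up with different AES keys even though the ECDH step agreed.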