RE: crypto-ISSUE-13: Relationship between the W3C Web Cryptography work product and the IETF JOSE WG [Web Cryptography API]

Yes, CNG is internally inconsistent in this regard. It uses key size as a parameter everywhere except for ECC. But CNG also does not have a generic CryptoOperation; the algorithm is partly specified by the choice of algorithm provider, and partly through the properties of the key used. We could certainly do that here as well, but my understanding was that we were trying to completely specify the algorithm in the Algorithm object to reduce developer confusion.

-----Original Message-----
From: Wan-Teh Chang [mailto:wtc@google.com] 
Sent: Tuesday, August 21, 2012 1:49 PM
To: Vijay Bharadwaj
Cc: Ryan Sleevi; Web Cryptography Working Group
Subject: Re: crypto-ISSUE-13: Relationship between the W3C Web Cryptography work product and the IETF JOSE WG [Web Cryptography API]

On Tue, Aug 14, 2012 at 9:30 AM, Vijay Bharadwaj <Vijay.Bharadwaj@microsoft.com> wrote:
> Regarding key sizes, I disagree - I think you may have picked the wrong examples for this.
>
> AES-256 is a different algorithm than AES-128; the key expansion is substantially different.
> Similarly, the EC curve is not just a matter of key size; it 
> determines the field in which all operations are performed. So I don't 
> think you can have a complete algorithm specification without including these two.

Hi Vijay: thank you for your comment. I understand your point. The key size and elliptic curve name are attributes of a key, and an API can be designed so that these key attributes determine the variant of the algorithm used. This is the design used in Java and PKCS #11:
http://java.sun.com/developer/technicalArticles/Security/AES/AES_v1.html
http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/util/pkcs11t.h&rev=1.22&mark=882,884#878
http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/util/pkcs11t.h&rev=1.22&mark=859,861-862#856

I can't quite figure out which design is used in Windows CNG. It seems to be a mixture because I see BCRYPT_AES_ALGORITHM "AES", which does not contain the key size, and BCRYPT_ECDSA_P256_ALGORITHM, which contains the key size/curve name:
http://msdn.microsoft.com/en-us/library/windows/desktop/aa375534%28v=vs.85%29.aspx

Wan-Teh

Received on Monday, 27 August 2012 10:06:08 UTC